idmap_kapi.c revision 9d0aba9223380be5042b63aef9767fa367b2a2ec
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER START
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * The contents of this file are subject to the terms of the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Common Development and Distribution License (the "License").
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You may not use this file except in compliance with the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * See the License for the specific language governing permissions
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * and limitations under the License.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * When distributing Covered Code, include this CDDL HEADER in each
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * If applicable, add the following below this CDDL HEADER, with the
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * fields enclosed by brackets "[]" replaced with your own identifying
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * information: Portions Copyright [yyyy] [name of copyright owner]
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * CDDL HEADER END
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Use is subject to license terms.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Windows to Solaris Identity Mapping kernel API
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * This module provides an API to map Windows SIDs to
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Solaris UIDs and GIDs.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#pragma ident "%Z%%M% %I% %E% SMI"
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#endif /* DEBUG */
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * Defined types
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * This structure holds pointers for the
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * batch mapping results.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwtypedef struct idmap_get_res {
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw const char **sid_prefix;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw/* Batch mapping handle structure */
bda89588bd7667394a834e8a9a34612cce2ae9c3jp/* Zone specific data */
bda89588bd7667394a834e8a9a34612cce2ae9c3jptypedef struct idmap_zone_specific {
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * Module global data
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * Local function definitions
bda89588bd7667394a834e8a9a34612cce2ae9c3jpkidmap_call_door(idmap_zone_specific_t *zs, door_arg_t *arg);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return (0);
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * idmap_unreg_dh
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * This routine is called by system call idmap_unreg().
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * idmap_unreg() calls door_ki_rele() on the supplied
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * door handle after this routine returns. We only
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * need to perform one door release on zs->door_handle
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return (0);
bda89588bd7667394a834e8a9a34612cce2ae9c3jpkidmap_call_door(idmap_zone_specific_t *zs, door_arg_t *arg)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return (-1);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw cmn_err(CE_WARN, "idmap: Door call failed %d\n", status);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#endif /* DEBUG */
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * If we get EBADF we will most likely not get an
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * idmap_unreg_dh().
bda89588bd7667394a834e8a9a34612cce2ae9c3jp return (zs);
bda89588bd7667394a834e8a9a34612cce2ae9c3jp zs = kmem_zalloc(sizeof (idmap_zone_specific_t), KM_SLEEP);
bda89588bd7667394a834e8a9a34612cce2ae9c3jp return (zs);
bda89588bd7667394a834e8a9a34612cce2ae9c3jp return (zs);
bda89588bd7667394a834e8a9a34612cce2ae9c3jpstatic void
bda89588bd7667394a834e8a9a34612cce2ae9c3jp/* ARGSUSED */
bda89588bd7667394a834e8a9a34612cce2ae9c3jp mutex_init(&idmap_zone_mutex, NULL, MUTEX_DEFAULT, NULL);
bda89588bd7667394a834e8a9a34612cce2ae9c3jp zone_key_create(&idmap_zone_key, NULL, NULL, idmap_zone_destroy);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw return (0);
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * idmap_get_door
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * This is called by the system call allocids() to get the door for the
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * given zone.
bda89588bd7667394a834e8a9a34612cce2ae9c3jp return (dh);
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * idmap_purge_cache
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * This is called by the system call allocids() to purge the cache for the
bda89588bd7667394a834e8a9a34612cce2ae9c3jp * given zone.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given Domain SID and RID, get UID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid_prefix - Domain SID in canonical form
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * uid - POSIX UID if return == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Success return IDMAP_SUCCESS else IDMAP error
bda89588bd7667394a834e8a9a34612cce2ae9c3jpkidmap_getuidbysid(zone_t *zone, const char *sid_prefix, uint32_t rid,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw const char *new_sid_prefix;
bda89588bd7667394a834e8a9a34612cce2ae9c3jp if (kidmap_cache_lookup_uidbysid(&zs->cache, sid_prefix, rid, uid)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call succeeded */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call failed */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given Domain SID and RID, get GID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid_prefix - Domain SID in canonical form
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * gid - POSIX GID if return == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Success return IDMAP_SUCCESS else IDMAP error
bda89588bd7667394a834e8a9a34612cce2ae9c3jpkidmap_getgidbysid(zone_t *zone, const char *sid_prefix, uint32_t rid,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw const char *new_sid_prefix;
bda89588bd7667394a834e8a9a34612cce2ae9c3jp if (kidmap_cache_lookup_gidbysid(&zs->cache, sid_prefix, rid, gid)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call succeeded */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call failed */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given Domain SID and RID, get Posix ID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid_prefix - Domain SID in canonical form
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * pid - POSIX ID if return == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * is_user - 1 == UID, 0 == GID if return == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Success return IDMAP_SUCCESS else IDMAP error
bda89588bd7667394a834e8a9a34612cce2ae9c3jpkidmap_getpidbysid(zone_t *zone, const char *sid_prefix, uint32_t rid,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw const char *new_sid_prefix;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if (sid_prefix == NULL || pid == NULL || is_user == NULL)
bda89588bd7667394a834e8a9a34612cce2ae9c3jp if (kidmap_cache_lookup_pidbysid(&zs->cache, sid_prefix, rid, pid,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call succeeded */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call failed */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given UID, get Domain SID and RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * uid - Posix UID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid_prefix - Domain SID if return == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID if return == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Success return IDMAP_SUCCESS else IDMAP error
bda89588bd7667394a834e8a9a34612cce2ae9c3jpkidmap_getsidbyuid(zone_t *zone, uid_t uid, const char **sid_prefix,
bda89588bd7667394a834e8a9a34612cce2ae9c3jp if (kidmap_cache_lookup_sidbyuid(&zs->cache, sid_prefix, rid, uid)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call succeeded */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call failed */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given GID, get Domain SID and RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * gid - Posix GID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid_prefix - Domain SID if return == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID if return == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Success return IDMAP_SUCCESS else IDMAP error
bda89588bd7667394a834e8a9a34612cce2ae9c3jpkidmap_getsidbygid(zone_t *zone, gid_t gid, const char **sid_prefix,
bda89588bd7667394a834e8a9a34612cce2ae9c3jp if (kidmap_cache_lookup_sidbygid(&zs->cache, sid_prefix, rid, gid)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call succeeded */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call failed */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Create handle to get SID to UID/GID mapping entries
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * get_handle
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw handle = kmem_zalloc(sizeof (idmap_get_handle_t), KM_SLEEP);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Internal routine to extend a "get_handle"
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwstatic void
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw int new_size = get_handle->mapping_size + INIT_MAPPING_SIZE;
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given Domain SID and RID, get UID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid_prefix - Domain SID in canonical form
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * uid - POSIX UID if stat == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwkidmap_batch_getuidbysid(idmap_get_handle_t *get_handle, const char *sid_prefix,
bda89588bd7667394a834e8a9a34612cce2ae9c3jp if (kidmap_cache_lookup_uidbysid(&get_handle->zs->cache, sid_prefix,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given Domain SID and RID, get GID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid_prefix - Domain SID in canonical form
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * gid - POSIX GID if stat == IDMAP_SUCCESS
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwkidmap_batch_getgidbysid(idmap_get_handle_t *get_handle, const char *sid_prefix,
bda89588bd7667394a834e8a9a34612cce2ae9c3jp if (kidmap_cache_lookup_gidbysid(&get_handle->zs->cache, sid_prefix,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given Domain SID and RID, get Posix ID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid_prefix - Domain SID in canonical form
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * is_user - user or group
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * pid - POSIX UID if stat == IDMAP_SUCCESS and is_user == 1
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * POSIX GID if stat == IDMAP_SUCCESS and is_user == 0
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwkidmap_batch_getpidbysid(idmap_get_handle_t *get_handle, const char *sid_prefix,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw uint32_t rid, uid_t *pid, int *is_user, idmap_stat *stat)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw if (get_handle == NULL || sid_prefix == NULL || pid == NULL ||
bda89588bd7667394a834e8a9a34612cce2ae9c3jp if (kidmap_cache_lookup_pidbysid(&get_handle->zs->cache, sid_prefix,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given UID, get SID and RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * uid - POSIX UID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid - SID in canonical form (if stat == IDMAP_SUCCESS)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID (if stat == IDMAP_SUCCESS)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwkidmap_batch_getsidbyuid(idmap_get_handle_t *get_handle, uid_t uid,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw const char **sid_prefix, uint32_t *rid, idmap_stat *stat)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Given GID, get SID and RID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * gid - POSIX GID
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * stat - status of the get request
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * sid - SID in canonical form (if stat == IDMAP_SUCCESS)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * rid - RID (if stat == IDMAP_SUCCESS)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Note: The output parameters will be set by idmap_get_mappings()
c5c4113dfcabb1eed3d4bdf7609de5170027a794nwkidmap_batch_getsidbygid(idmap_get_handle_t *get_handle, gid_t gid,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw const char **sid_prefix, uint32_t *rid, idmap_stat *stat)
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Process the batched "get mapping" requests. The results (i.e.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * status and identity) will be available in the data areas
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * provided by individual requests.
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * If the door call fails the status IDMAP_ERR_NOMAPPING is
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * returned and the UID or GID result is set to "nobody"
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw const char *sid_prefix;
9d0aba9223380be5042b63aef9767fa367b2a2ecjp rpc_args.idmap_mapping_batch_len = get_handle->mapping_num;
bda89588bd7667394a834e8a9a34612cce2ae9c3jp if (kidmap_rpc_call(get_handle->zs, op, xdr_idmap_mapping_batch,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Door call failed */
9d0aba9223380be5042b63aef9767fa367b2a2ecjp /* RPC returned idmap error code */
9d0aba9223380be5042b63aef9767fa367b2a2ecjp /* Reset get_handle for new requests */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Reset get_handle for new requests */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw * Destroy the "get mapping" handle
bda89588bd7667394a834e8a9a34612cce2ae9c3jpkidmap_rpc_call(idmap_zone_specific_t *zs, uint32_t op, xdrproc_t xdr_args,
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw xdrmem_create(&xdr_ctx, inbuf_ptr, inbuf_size, XDR_ENCODE);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#endif /* DEBUG */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* Auth none */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw /* RPC args */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#endif /* DEBUG */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#endif /* DEBUG */
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw xdrmem_create(&xdr_ctx, params.data_ptr, params.data_size, XDR_DECODE);
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw cmn_err(CE_WARN, "idmap: xdr decoding reply message error");
c5c4113dfcabb1eed3d4bdf7609de5170027a794nw#endif /* DEBUG */