sss_idmap.h revision 3cbbfb4b05d0eb0a0809704e83589d0075e117a0
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek/*
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek SSSD
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek ID-mapping library
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek Authors:
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek Sumit Bose <sbose@redhat.com>
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek Copyright (C) 2012 Red Hat
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek This program is free software; you can redistribute it and/or modify
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek it under the terms of the GNU General Public License as published by
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek the Free Software Foundation; either version 3 of the License, or
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek (at your option) any later version.
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek This program is distributed in the hope that it will be useful,
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek but WITHOUT ANY WARRANTY; without even the implied warranty of
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek GNU General Public License for more details.
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek You should have received a copy of the GNU General Public License
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek along with this program. If not, see <http://www.gnu.org/licenses/>.
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek*/
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek#ifndef SSS_IDMAP_H_
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek#define SSS_IDMAP_H_
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek#include <stdlib.h>
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek#include <stdint.h>
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek#include <stdbool.h>
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek#include <sys/types.h>
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek#define DOM_SID_PREFIX "S-1-5-21-"
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek#define DOM_SID_PREFIX_LEN (sizeof(DOM_SID_PREFIX) - 1)
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @defgroup sss_idmap Map Unix UIDs and GIDs to SIDs and back
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * Libsss_idmap provides a mechanism to translate a SID to a UNIX UID or GID
36e49a842e257ac9bde71728ee3bef4299b6e6e2Pavel Březina * or the other way round.
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @{
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * Error codes used by libsss_idmap
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozekenum idmap_error_code {
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina /** Success */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek IDMAP_SUCCESS = 0,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina /** Function is not yet implemented */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina IDMAP_NOT_IMPLEMENTED,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** General error */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina IDMAP_ERROR,
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** Ran out of memory during processing */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina IDMAP_OUT_OF_MEMORY,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** No domain added */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina IDMAP_NO_DOMAIN,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina /** The provided idmap context is invalid */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina IDMAP_CONTEXT_INVALID,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** The provided SID is invalid */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek IDMAP_SID_INVALID,
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** The provided SID was not found */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek IDMAP_SID_UNKNOWN,
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** The provided UID or GID could not be mapped */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek IDMAP_NO_RANGE,
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina /** The provided SID is a built-in one */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina IDMAP_BUILTIN_SID,
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** No more free slices */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek IDMAP_OUT_OF_SLICES,
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** New domain collides with existing one */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek IDMAP_COLLISION,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** External source should be consulted for idmapping */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek IDMAP_EXTERNAL,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek /** The provided name was not found */
c9db8b8b19827c3d492b8d2769aa77a37dbc12d3Jakub Hrozek IDMAP_NAME_UNKNOWN
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina};
300b9e9217ee1ed8d845ed2370c5ccf5c87afb36Pavel Březina
300b9e9217ee1ed8d845ed2370c5ccf5c87afb36Pavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * Typedef for memory allocation functions
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozektypedef void *(idmap_alloc_func)(size_t size, void *pvt);
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozektypedef void (idmap_free_func)(void *ptr, void *pvt);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek/**
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * Structure for id ranges
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * FIXME: this struct might change when it is clear how ranges are handled on
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * the server side
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinastruct sss_idmap_range {
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina uint32_t min;
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek uint32_t max;
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek};
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * Opaque type for SIDs
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinastruct sss_dom_sid;
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * Opaque type for the idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinastruct sss_idmap_ctx;
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * Placeholder for Samba's struct dom_sid. Consumers of libsss_idmap should
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * include an appropriate Samba header file to define struct dom_sid. We use
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * it here to avoid a hard dependency on Samba devel packages.
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinastruct dom_sid;
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Initialize idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] alloc_func Function to allocate memory for the context, if
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * NULL malloc() id used
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] alloc_pvt Private data for allocation routine
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] free_func Function to free the memory the context, if
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * NULL free() id used
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @param[out] ctx idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @return
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_OUT_OF_MEMORY: Insufficient memory to create the context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code sss_idmap_init(idmap_alloc_func *alloc_func,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina void *alloc_pvt,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina idmap_free_func *free_func,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina struct sss_idmap_ctx **ctx);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek/**
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @brief Set/unset autorid compatibility mode
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx idmap context
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @param[in] use_autorid If true, autorid compatibility mode will be used
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinasss_idmap_ctx_set_autorid(struct sss_idmap_ctx *ctx, bool use_autorid);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Set the lower bound of the range of POSIX IDs
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] lower lower bound of the range
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinasss_idmap_ctx_set_lower(struct sss_idmap_ctx *ctx, id_t lower);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Set the upper bound of the range of POSIX IDs
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @param[in] ctx idmap context
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @param[in] upper upper bound of the range
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinasss_idmap_ctx_set_upper(struct sss_idmap_ctx *ctx, id_t upper);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Set the range size of POSIX IDs available for single domain
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] rangesize range size of IDs
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinasss_idmap_ctx_set_rangesize(struct sss_idmap_ctx *ctx, id_t rangesize);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
36e49a842e257ac9bde71728ee3bef4299b6e6e2Pavel Březina/**
36e49a842e257ac9bde71728ee3bef4299b6e6e2Pavel Březina * @brief Check if autorid compatibility mode is set
36e49a842e257ac9bde71728ee3bef4299b6e6e2Pavel Březina *
36e49a842e257ac9bde71728ee3bef4299b6e6e2Pavel Březina * @param[in] ctx idmap context
36e49a842e257ac9bde71728ee3bef4299b6e6e2Pavel Březina * @param[out] _autorid true if autorid is used
36e49a842e257ac9bde71728ee3bef4299b6e6e2Pavel Březina */
36e49a842e257ac9bde71728ee3bef4299b6e6e2Pavel Březinaenum idmap_error_code
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinasss_idmap_ctx_get_autorid(struct sss_idmap_ctx *ctx, bool *_autorid);
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Get the lower bound of the range of POSIX IDs
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[out] _lower returned lower bound
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinasss_idmap_ctx_get_lower(struct sss_idmap_ctx *ctx, id_t *_lower);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek/**
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @brief Get the upper bound of the range of POSIX IDs
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[out] _upper returned upper bound
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinasss_idmap_ctx_get_upper(struct sss_idmap_ctx *ctx, id_t *_upper);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Get the range size of POSIX IDs available for single domain
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[out] rangesize returned range size
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinasss_idmap_ctx_get_rangesize(struct sss_idmap_ctx *ctx, id_t *rangesize);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Calculate new range of available POSIX IDs
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek *
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @param[in] ctx Idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] dom_sid Zero-terminated string representation of the domain
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * SID (S-1-15-.....)
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in,out] slice_num Slice number to be used. Set this pointer to NULL or
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * the addressed value to -1 to calculate slice number
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * automatically. The calculated value will be
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * returned in this parameter.
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @param[out] range Structure containing upper and lower bound of the
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * range of POSIX IDs
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @return
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * - #IDMAP_OUT_OF_SLICES: Cannot calculate new range because all slices are
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * used.
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code sss_idmap_calculate_range(struct sss_idmap_ctx *ctx,
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek const char *dom_sid,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina id_t *slice_num,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina struct sss_idmap_range *range);
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Add a domain to the idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx Idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] domain_name Zero-terminated string with the domain name
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] domain_sid Zero-terminated string representation of the domain
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * SID (S-1-15-.....)
300b9e9217ee1ed8d845ed2370c5ccf5c87afb36Pavel Březina * @param[in] range TBD Some information about the id ranges of this
300b9e9217ee1ed8d845ed2370c5ccf5c87afb36Pavel Březina * domain
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek *
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @return
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * - #IDMAP_OUT_OF_MEMORY: Insufficient memory to store the data in the idmap
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * context
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * - #IDMAP_SID_INVALID: Invalid SID provided
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * - #IDMAP_NO_DOMAIN: No domain domain name given
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * - #IDMAP_COLLISION: New domain collides with existing one
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek */
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozekenum idmap_error_code sss_idmap_add_domain(struct sss_idmap_ctx *ctx,
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek const char *domain_name,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina const char *domain_sid,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina struct sss_idmap_range *range);
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Add a domain with the first mappable RID to the idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx Idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] domain_name Zero-terminated string with the domain name
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] domain_sid Zero-terminated string representation of the domain
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * SID (S-1-15-.....)
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] range TBD Some information about the id ranges of this
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * domain
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] range_id optional unique identifier of a range, it is needed
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * to allow updates at runtime
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] rid The RID that should be mapped to the first ID of the
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * given range.
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] external_mapping If set to true the ID will not be mapped
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * algorithmically, but the *_to_unix and *_unix_to_*
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * calls will return IDMAP_EXTERNAL to instruct the
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * caller to check external sources. For a single
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * domain all ranges must be of the same type. It is
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * not possible to mix algorithmic and external
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * mapping.
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @return
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_OUT_OF_MEMORY: Insufficient memory to store the data in the idmap
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * context
36e49a842e257ac9bde71728ee3bef4299b6e6e2Pavel Březina * - #IDMAP_SID_INVALID: Invalid SID provided
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_NO_DOMAIN: No domain domain name given
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_COLLISION: New domain collides with existing one
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code sss_idmap_add_domain_ex(struct sss_idmap_ctx *ctx,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina const char *domain_name,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina const char *domain_sid,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina struct sss_idmap_range *range,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina const char *range_id,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina uint32_t rid,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina bool external_mapping);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Translate SID to a unix UID or GID
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx Idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] sid Zero-terminated string representation of the SID
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[out] id Returned unix UID or GID
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @return
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_SID_INVALID: Invalid SID provided
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_EXTERNAL: external source is authoritative for mapping
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code sss_idmap_sid_to_unix(struct sss_idmap_ctx *ctx,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina const char *sid,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina uint32_t *id);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @brief Translate a SID stucture to a unix UID or GID
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] ctx Idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[in] dom_sid SID structure
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @param[out] id Returned unix UID or GID
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina *
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * @return
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_SID_INVALID: Invalid SID provided
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina * - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * idmap context
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * - #IDMAP_EXTERNAL: external source is authoritative for mapping
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina */
b800a6d09244359959404aca81c6796a58cafbcbPavel Březinaenum idmap_error_code sss_idmap_dom_sid_to_unix(struct sss_idmap_ctx *ctx,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina struct sss_dom_sid *dom_sid,
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina uint32_t *id);
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina
b800a6d09244359959404aca81c6796a58cafbcbPavel Březina/**
91b0592cdab22915dff27ceae6d8e49c608aea4aJakub Hrozek * @brief Translate a binary SID to a unix UID or GID
*
* @param[in] ctx Idmap context
* @param[in] bin_sid Array with the binary SID
* @param[in] length Size of the array containing the binary SID
* @param[out] id Returned unix UID or GID
*
* @return
* - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
* - #IDMAP_SID_INVALID: Invalid SID provided
* - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
* idmap context
* - #IDMAP_EXTERNAL: external source is authoritative for mapping
*/
enum idmap_error_code sss_idmap_bin_sid_to_unix(struct sss_idmap_ctx *ctx,
uint8_t *bin_sid,
size_t length,
uint32_t *id);
/**
* @brief Translate a Samba dom_sid stucture to a unix UID or GID
*
* @param[in] ctx Idmap context
* @param[in] smb_sid Samba dom_sid structure
* @param[out] id Returned unix UID or GID
*
* @return
* - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
* - #IDMAP_SID_INVALID: Invalid SID provided
* - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
* idmap context
* - #IDMAP_EXTERNAL: external source is authoritative for mapping
*/
enum idmap_error_code sss_idmap_smb_sid_to_unix(struct sss_idmap_ctx *ctx,
struct dom_sid *smb_sid,
uint32_t *id);
/**
* @brief Check if a SID and a unix UID or GID belong to the same range
*
* @param[in] ctx Idmap context
* @param[in] sid Zero-terminated string representation of the SID
* @param[in] id Unix UID or GID
*
* @return
* - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
* - #IDMAP_SID_INVALID: Invalid SID provided
* - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
* idmap context
* - #IDMAP_NO_RANGE No matching ID range found
*/
enum idmap_error_code sss_idmap_check_sid_unix(struct sss_idmap_ctx *ctx,
const char *sid,
uint32_t id);
/**
* @brief Check if a SID structure and a unix UID or GID belong to the same range
*
* @param[in] ctx Idmap context
* @param[in] dom_sid SID structure
* @param[in] id Unix UID or GID
*
* @return
* - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
* - #IDMAP_SID_INVALID: Invalid SID provided
* - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
* idmap context
* - #IDMAP_NO_RANGE No matching ID range found
*/
enum idmap_error_code sss_idmap_check_dom_sid_unix(struct sss_idmap_ctx *ctx,
struct sss_dom_sid *dom_sid,
uint32_t id);
/**
* @brief Check if a binary SID and a unix UID or GID belong to the same range
*
* @param[in] ctx Idmap context
* @param[in] bin_sid Array with the binary SID
* @param[in] length Size of the array containing the binary SID
* @param[in] id Unix UID or GID
*
* @return
* - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
* - #IDMAP_SID_INVALID: Invalid SID provided
* - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
* idmap context
* - #IDMAP_NO_RANGE No matching ID range found
*/
enum idmap_error_code sss_idmap_check_bin_sid_unix(struct sss_idmap_ctx *ctx,
uint8_t *bin_sid,
size_t length,
uint32_t id);
/**
* @brief Check if a Samba dom_sid structure and a unix UID or GID belong to
* the same range
*
* @param[in] ctx Idmap context
* @param[in] smb_sid Samba dom_sid structure
* @param[in] id Unix UID or GID
*
* @return
* - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
* - #IDMAP_SID_INVALID: Invalid SID provided
* - #IDMAP_SID_UNKNOWN: SID cannot be found in the domains added to the
* idmap context
* - #IDMAP_NO_RANGE No matching ID range found
*/
enum idmap_error_code sss_idmap_check_smb_sid_unix(struct sss_idmap_ctx *ctx,
struct dom_sid *smb_sid,
uint32_t id);
/**
* @brief Translate unix UID or GID to a SID
*
* @param[in] ctx Idmap context
* @param[in] id unix UID or GID
* @param[out] sid Zero-terminated string representation of the SID, must be
* freed if not needed anymore
*
* @return
* - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
* - #IDMAP_NO_RANGE: The provided ID cannot be found in the domains added
* to the idmap context
* - #IDMAP_EXTERNAL: external source is authoritative for mapping
*/
enum idmap_error_code sss_idmap_unix_to_sid(struct sss_idmap_ctx *ctx,
uint32_t id,
char **sid);
/**
* @brief Translate unix UID or GID to a SID structure
*
* @param[in] ctx Idmap context
* @param[in] id unix UID or GID
* @param[out] dom_sid SID structure, must be freed if not needed anymore
*
* @return
* - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
* - #IDMAP_NO_RANGE: The provided ID cannot be found in the domains added
* to the idmap context
* - #IDMAP_EXTERNAL: external source is authoritative for mapping
*/
enum idmap_error_code sss_idmap_unix_to_dom_sid(struct sss_idmap_ctx *ctx,
uint32_t id,
struct sss_dom_sid **dom_sid);
/**
* @brief Translate unix UID or GID to a binary SID
*
* @param[in] ctx Idmap context
* @param[in] id unix UID or GID
* @param[out] bin_sid Array with the binary SID,
* must be freed if not needed anymore
* @param[out] length size of the array containing the binary SID
*
* @return
* - #IDMAP_NO_DOMAIN: No domains are added to the idmap context
* - #IDMAP_NO_RANGE: The provided ID cannot be found in the domains added
* to the idmap context
* - #IDMAP_EXTERNAL: external source is authoritative for mapping
*/
enum idmap_error_code sss_idmap_unix_to_bin_sid(struct sss_idmap_ctx *ctx,
uint32_t id,
uint8_t **bin_sid,
size_t *length);
/**
* @brief Free all the allocated memory of the idmap context
*
* @param[in] ctx Idmap context
*
* @return
* - #IDMAP_CONTEXT_INVALID: Provided context is invalid
*/
enum idmap_error_code sss_idmap_free(struct sss_idmap_ctx *ctx);
/**
* @brief Translate error code to a string
*
* @param[in] err Idmap error code
*
* @return
* - Error description as a zero-terminated string
*/
const char *idmap_error_string(enum idmap_error_code err);
/**
* @brief Check if given string can be used as domain SID
*
* @param[in] str String to check
*
* @return
* - true: String can be used as domain SID
* - false: String can not be used as domain SID
*/
bool is_domain_sid(const char *str);
/**
* @brief Check if a domain is configured with algorithmic mapping
*
* @param[in] ctx Idmap context
* @param[in] dom_sid SID string, can be either a domain SID
* or an object SID
* @param[out] has_algorithmic_mapping Boolean value indicating if the given
* domain is configured for algorithmic
* mapping or not.
*
* @return
* - #IDMAP_SUCCESS: Domain for the given SID was found and
* has_algorithmic_mapping is set accordingly
* - #IDMAP_SID_INVALID: Provided SID is invalid
* - #IDMAP_CONTEXT_INVALID: Provided idmap context is invalid
* - #IDMAP_NO_DOMAIN: No domains are available in the idmap context
* - #IDMAP_SID_UNKNOWN: No domain with the given SID was found in the
* idmap context
*/
enum idmap_error_code
sss_idmap_domain_has_algorithmic_mapping(struct sss_idmap_ctx *ctx,
const char *dom_sid,
bool *has_algorithmic_mapping);
/**
* @brief Check if a domain is configured with algorithmic mapping
*
* @param[in] ctx Idmap context
* @param[in] dom_name Name of the domain
* @param[out] has_algorithmic_mapping Boolean value indicating if the given
* domain is configured for algorithmic
* mapping or not.
*
* @return
* - #IDMAP_SUCCESS: Domain for the given name was found and
* has_algorithmic_mapping is set accordingly
* - #IDMAP_ERROR: Provided name is invalid
* - #IDMAP_CONTEXT_INVALID: Provided idmap context is invalid
* - #IDMAP_NO_DOMAIN: No domains are available in the idmap context
* - #IDMAP_NAME_UNKNOWN: No domain with the given name was found in the
* idmap context
*/
enum idmap_error_code
sss_idmap_domain_by_name_has_algorithmic_mapping(struct sss_idmap_ctx *ctx,
const char *dom_name,
bool *has_algorithmic_mapping);
/**
* @brief Convert binary SID to SID structure
*
* @param[in] ctx Idmap context
* @param[in] bin_sid Array with the binary SID
* @param[in] length Size of the array containing the binary SID
* @param[out] dom_sid SID structure,
* must be freed if not needed anymore
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_bin_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
const uint8_t *bin_sid,
size_t length,
struct sss_dom_sid **dom_sid);
/**
* @brief Convert binary SID to SID string
*
* @param[in] ctx Idmap context
* @param[in] bin_sid Array with the binary SID
* @param[in] length Size of the array containing the binary SID
* @param[out] sid Zero-terminated string representation of the SID,
* must be freed if not needed anymore
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_bin_sid_to_sid(struct sss_idmap_ctx *ctx,
const uint8_t *bin_sid,
size_t length,
char **sid);
/**
* @brief Convert SID structure to binary SID
*
* @param[in] ctx Idmap context
* @param[in] dom_sid SID structure
* @param[out] bin_sid Array with the binary SID,
* must be freed if not needed anymore
* @param[out] length Size of the array containing the binary SID
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_dom_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
struct sss_dom_sid *dom_sid,
uint8_t **bin_sid,
size_t *length);
/**
* @brief Convert SID string to binary SID
*
* @param[in] ctx Idmap context
* @param[in] sid Zero-terminated string representation of the SID
* @param[out] bin_sid Array with the binary SID,
* must be freed if not needed anymore
* @param[out] length Size of the array containing the binary SID
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
const char *sid,
uint8_t **bin_sid,
size_t *length);
/**
* @brief Convert SID structure to SID string
*
* @param[in] ctx Idmap context
* @param[in] dom_sid SID structure
* @param[out] sid Zero-terminated string representation of the SID,
* must be freed if not needed anymore
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_dom_sid_to_sid(struct sss_idmap_ctx *ctx,
struct sss_dom_sid *dom_sid,
char **sid);
/**
* @brief Convert SID string to SID structure
*
* @param[in] ctx Idmap context
* @param[in] sid Zero-terminated string representation of the SID
* @param[out] dom_sid SID structure,
* must be freed if not needed anymore
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
const char *sid,
struct sss_dom_sid **dom_sid);
/**
* @brief Convert SID string to Samba dom_sid structure
*
* @param[in] ctx Idmap context
* @param[in] sid Zero-terminated string representation of the SID
* @param[out] smb_sid Samba dom_sid structure,
* must be freed if not needed anymore
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_sid_to_smb_sid(struct sss_idmap_ctx *ctx,
const char *sid,
struct dom_sid **smb_sid);
/**
* @brief Convert Samba dom_sid structure to SID string
*
* @param[in] ctx Idmap context
* @param[in] smb_sid Samba dom_sid structure
* @param[out] sid Zero-terminated string representation of the SID,
* must be freed if not needed anymore
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_smb_sid_to_sid(struct sss_idmap_ctx *ctx,
struct dom_sid *smb_sid,
char **sid);
/**
* @brief Convert SID stucture to Samba dom_sid structure
*
* @param[in] ctx Idmap context
* @param[in] dom_sid SID structure
* @param[out] smb_sid Samba dom_sid structure,
* must be freed if not needed anymore
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_dom_sid_to_smb_sid(struct sss_idmap_ctx *ctx,
struct sss_dom_sid *dom_sid,
struct dom_sid **smb_sid);
/**
* @brief Convert Samba dom_sid structure to SID structure
*
* @param[in] ctx Idmap context
* @param[in] smb_sid Samba dom_sid structure
* @param[out] dom_sid SID structure,
* must be freed if not needed anymore
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_smb_sid_to_dom_sid(struct sss_idmap_ctx *ctx,
struct dom_sid *smb_sid,
struct sss_dom_sid **dom_sid);
/**
* @brief Convert binary SID to Samba dom_sid structure
*
* @param[in] ctx Idmap context
* @param[in] bin_sid Array with the binary SID
* @param[in] length Size of the array containing the binary SID
* @param[out] smb_sid Samba dom_sid structure,
* must be freed if not needed anymore
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_bin_sid_to_smb_sid(struct sss_idmap_ctx *ctx,
const uint8_t *bin_sid,
size_t length,
struct dom_sid **smb_sid);
/**
* @brief Convert Samba dom_sid structure to binary SID
*
* @param[in] ctx Idmap context
* @param[in] smb_sid Samba dom_sid structure
* @param[out] bin_sid Array with the binary SID,
* must be freed if not needed anymore
* @param[out] length Size of the array containing the binary SID
*
* @return
* - #IDMAP_SID_INVALID: Given SID is invalid
* - #IDMAP_OUT_OF_MEMORY: Failed to allocate memory for the result
*/
enum idmap_error_code sss_idmap_smb_sid_to_bin_sid(struct sss_idmap_ctx *ctx,
struct dom_sid *smb_sid,
uint8_t **bin_sid,
size_t *length);
/**
* @}
*/
#endif /* SSS_IDMAP_H_ */