ipa_subdomains.h revision 21513e51a4a2eb08f245333bf8f223713a3d7cb3
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose/*
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose SSSD
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose IPA Subdomains Module
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose Authors:
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose Sumit Bose <sbose@redhat.com>
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose Copyright (C) 2011 Red Hat
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose This program is free software; you can redistribute it and/or modify
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose it under the terms of the GNU General Public License as published by
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose the Free Software Foundation; either version 3 of the License, or
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose (at your option) any later version.
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose This program is distributed in the hope that it will be useful,
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose GNU General Public License for more details.
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose You should have received a copy of the GNU General Public License
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose*/
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#ifndef _IPA_SUBDOMAINS_H_
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#define _IPA_SUBDOMAINS_H_
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#include "providers/dp_backend.h"
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce#include "providers/ipa/ipa_common.h"
64ea4127f463798410a2c20e0261c6b15f60257fJakub Hrozek#include "config.h"
64ea4127f463798410a2c20e0261c6b15f60257fJakub Hrozek
/* Default location for trust keytabs: SSS_STATEDIR "/keytabs". The #ifndef
 * lets an earlier definition (config.h is included just above) override it.
 * NOTE(review): presumably this directory holds the keytabs fetched for
 * trusted domains. Keytabs carry long-term Kerberos keys, so confirm that the
 * directory and the files created in it are restricted to the service
 * account (see kt_owner_uid / kt_owner_gid in struct ipa_server_mode_ctx). */
64ea4127f463798410a2c20e0261c6b15f60257fJakub Hrozek#ifndef IPA_TRUST_KEYTAB_DIR
dbfc407eef1d9ba2469687c3ffbe7fd8bb111d94Jakub Hrozek#define IPA_TRUST_KEYTAB_DIR SSS_STATEDIR"/keytabs"
64ea4127f463798410a2c20e0261c6b15f60257fJakub Hrozek#endif /* IPA_TRUST_KEYTAB_DIR */
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
e87badc0f6fb20a443cf12bde9582ecbc2aef727Sumit Bose/* ==Sid2Name Extended Operation============================================= */
e87badc0f6fb20a443cf12bde9582ecbc2aef727Sumit Bose#define EXOP_SID2NAME_OID "2.16.840.1.113730.3.8.10.4"
e87badc0f6fb20a443cf12bde9582ecbc2aef727Sumit Bose#define EXOP_SID2NAME_V1_OID "2.16.840.1.113730.3.8.10.4.1"
e87badc0f6fb20a443cf12bde9582ecbc2aef727Sumit Bose
/* Maps a backend context to a backend context.
 * NOTE(review): the name suggests the result is the context used for
 * subdomain requests; ownership of the returned pointer is not visible
 * in this header -- confirm against the implementation. */
struct be_ctx *ipa_get_subdomains_be_ctx(struct be_ctx *be_ctx);

/* Entry point for setting up the IPA subdomains handler.
 *
 * be_ctx    backend context
 * id_ctx    IPA identity-provider context
 * ops       out: presumably receives the handler's operation table
 * pvt_data  out: presumably receives the handler's private data
 *
 * Returns an int status; the exact error convention is defined by the
 * implementation, not by this header. */
int ipa_subdom_init(struct be_ctx *be_ctx,
                    struct ipa_id_ctx *id_ctx,
                    struct bet_ops **ops,
                    void **pvt_data);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
f8a4a5f6240156809e1b5ef03816f673281e3fa0Jakub Hrozek/* The following are used in server mode only */
/* One entry per AD domain handled in server mode: pairs the domain with the
 * AD identity context used for it. */
struct ipa_ad_server_ctx {
    struct sss_domain_info *dom;        /* domain this entry belongs to */
    struct ad_id_ctx *ad_id_ctx;        /* AD id context for that domain */

    /* Sibling links, so entries can be chained into a doubly linked list
     * (struct ipa_server_mode_ctx.trusts points at an entry of this type). */
    struct ipa_ad_server_ctx *next;
    struct ipa_ad_server_ctx *prev;
};
f8a4a5f6240156809e1b5ef03816f673281e3fa0Jakub Hrozek
/* Asynchronous set-up of a trusted subdomain; in server mode this can, for
 * example, fetch the keytab for the trust.
 *
 * The request is started with _send() and its result collected with
 * _recv(), which reports the outcome as an errno_t.
 * NOTE(review): a failed set-up presumably leaves the subdomain without a
 * usable keytab -- callers should check the _recv() result rather than
 * assume the trust is ready. */
struct tevent_req *
ipa_server_trusted_dom_setup_send(TALLOC_CTX *mem_ctx,
                                  struct tevent_context *ev,
                                  struct be_ctx *be_ctx,
                                  struct ipa_id_ctx *id_ctx,
                                  struct sss_domain_info *subdom);

errno_t ipa_server_trusted_dom_setup_recv(struct tevent_req *req);
4c53f8b7400630ae06459aa8b5079427edcaa348Jakub Hrozek
/* Internal interface: to be used by ipa_subdomains.c only. */

/* Asynchronous request taking the parent domain; the name indicates it
 * creates the trust objects for that parent's subdomains. Started with
 * _send(), result collected with _recv() as an errno_t. */
struct tevent_req *
ipa_server_create_trusts_send(TALLOC_CTX *mem_ctx,
                              struct tevent_context *ev,
                              struct be_ctx *be_ctx,
                              struct ipa_id_ctx *id_ctx,
                              struct sss_domain_info *parent);

errno_t ipa_server_create_trusts_recv(struct tevent_req *req);

/* Removes the state kept for one AD subdomain. Returns nothing, so any
 * failure is not reported to the caller through this interface. */
void ipa_ad_subdom_remove(struct be_ctx *be_ctx,
                          struct ipa_id_ctx *id_ctx,
                          struct sss_domain_info *subdom);

/* Initialises AD subdomain handling for the given IPA id context; returns
 * an int status defined by the implementation. */
int ipa_ad_subdom_init(struct be_ctx *be_ctx,
                       struct ipa_id_ctx *id_ctx);
27e89b6925334565c73c407a9ae2809358789c81Jakub Hrozek
/* Determines the trust direction for the subdomain described by sd and
 * stores it in *_direction; the return value is an errno_t status.
 * NOTE(review): presumably reads the IPA_TRUST_DIRECTION attribute defined
 * below -- confirm how a missing or unexpected value is mapped, since the
 * direction decides which side of the trust is allowed to authenticate. */
errno_t ipa_server_get_trust_direction(struct sysdb_attrs *sd,
                                       struct ldb_context *ldb_ctx,
                                       uint32_t *_direction);

/* Human-readable form of a trust direction value, e.g. for log messages. */
const char *ipa_trust_dir2str(uint32_t direction);
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek/* Utilities */
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek#define IPA_TRUST_DIRECTION "ipaNTTrustDirection"
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek
/* Builds an ldb DN from a subdomain's attributes. mem_ctx is the talloc
 * context passed for the allocation.
 * NOTE(review): the failure value is presumably NULL -- confirm. */
struct ldb_dn *ipa_subdom_ldb_dn(TALLOC_CTX *mem_ctx,
                                 struct ldb_context *ldb_ctx,
                                 struct sysdb_attrs *attrs);

/* Predicate on a DN; the name indicates it tells member domains apart from
 * other subdomain entries. */
bool ipa_subdom_is_member_dom(struct ldb_dn *dn);
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek
caee9828ee30609e9f433957dbb3d0163390a207Sumit Bose/* struct for external group memberships, defined in
caee9828ee30609e9f433957dbb3d0163390a207Sumit Bose * ipa_subdomains_ext_groups.c */
caee9828ee30609e9f433957dbb3d0163390a207Sumit Bosestruct ipa_ext_groups;
caee9828ee30609e9f433957dbb3d0163390a207Sumit Bose
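/* State kept when the IPA provider runs in server mode. */
struct ipa_server_mode_ctx {
    const char *realm;      /* realm name string */
    const char *hostname;   /* host name string */

    struct ipa_ad_server_ctx *trusts;     /* list of per-AD-domain contexts */
    struct ipa_ext_groups *ext_groups;    /* external group membership data */

    /* Owner for keytab files (presumably those under IPA_TRUST_KEYTAB_DIR).
     * The group id is declared as gid_t rather than uid_t: the two types
     * are distinct in POSIX, and passing this field to chown()-style calls
     * should not depend on them happening to share a representation.
     * NOTE(review): keytabs hold long-term Kerberos keys; confirm these
     * values are set before any keytab is written. */
    uid_t kt_owner_uid;
    gid_t kt_owner_gid;
};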
f8a4a5f6240156809e1b5ef03816f673281e3fa0Jakub Hrozek
/* NOTE(review): redundant re-declaration -- an identical prototype for
 * ipa_ad_subdom_init() already appears earlier in this header. It is
 * harmless to the compiler, but the two copies can drift apart; one of
 * them can be dropped. */
int ipa_ad_subdom_init(struct be_ctx *be_ctx,
                       struct ipa_id_ctx *id_ctx);
f8a4a5f6240156809e1b5ef03816f673281e3fa0Jakub Hrozek
/* Discriminator for struct req_input: says which member of its union is
 * the valid one. Numeric values are the implicit 0..3 sequence. */
enum req_input_type {
    REQ_INP_NAME  = 0,  /* lookup by name              -> inp.name  */
    REQ_INP_ID    = 1,  /* lookup by numeric id        -> inp.id    */
    REQ_INP_SECID = 2,  /* lookup by security id (SID) -> inp.secid */
    REQ_INP_CERT  = 3   /* lookup by certificate       -> inp.cert  */
};
2962b3d1e072ff2ebbe343095812dad697d6bf1dSumit Bose
/* Tagged union describing what a request looks up.
 *
 * Only the union member selected by `type` is meaningful. Three members
 * are strings and one is an integer sharing the same storage, so reading
 * a member that does not match `type` misinterprets the bytes (e.g. an id
 * read as a pointer): always switch on `type` before touching `inp`.
 * The strings are const pointers; this struct does not show who owns
 * them. */
struct req_input {
    enum req_input_type type;
    union {
        const char *name;   /* valid when type == REQ_INP_NAME  */
        uint32_t id;        /* valid when type == REQ_INP_ID    */
        const char *secid;  /* valid when type == REQ_INP_SECID */
        const char *cert;   /* valid when type == REQ_INP_CERT  */
    } inp;
};
caee9828ee30609e9f433957dbb3d0163390a207Sumit Bose
/* Asynchronous lookup of AD memberships for the account request `ar`,
 * using the server-mode context, the user's domain and an sdap id context.
 * `domain` is a domain name string.
 * NOTE(review): which memberships are resolved (presumably IPA external
 * groups, given server_mode->ext_groups) is not visible here -- confirm. */
struct tevent_req *
ipa_get_ad_memberships_send(TALLOC_CTX *mem_ctx,
                            struct tevent_context *ev,
                            struct be_acct_req *ar,
                            struct ipa_server_mode_ctx *server_mode,
                            struct sss_domain_info *user_dom,
                            struct sdap_id_ctx *sdap_id_ctx,
                            const char *domain);

/* Collects the result of the request above: an errno_t status plus a
 * data-provider error code written to *dp_error_out. */
errno_t ipa_get_ad_memberships_recv(struct tevent_req *req,
                                    int *dp_error_out);
e2d96566aeb881bd89e5c9236d663f6a9a88019aJakub Hrozek
/* Asynchronous resolution of one external group member.
 *
 * ext_member  string identifying the external member (its format is not
 *             specified in this header)
 * pvt         untyped private pointer; the implementation decides what it
 *             is cast to, so callers must pass exactly the type it expects
 *             -- the compiler cannot check this. */
struct tevent_req *ipa_ext_group_member_send(TALLOC_CTX *mem_ctx,
                                             struct tevent_context *ev,
                                             const char *ext_member,
                                             void *pvt);

/* Collects the result of the request above. On top of the errno_t status
 * it has three out parameters: the member's type, the domain it was found
 * in, and its attributes. mem_ctx is the talloc context passed for the
 * returned data.
 * NOTE(review): whether the out parameters are left untouched on failure
 * is not visible here -- do not read them unless the call succeeded. */
errno_t ipa_ext_group_member_recv(TALLOC_CTX *mem_ctx,
                                  struct tevent_req *req,
                                  enum sysdb_member_type *_member_type,
                                  struct sss_domain_info **_dom,
                                  struct sysdb_attrs **_member);
e2d96566aeb881bd89e5c9236d663f6a9a88019aJakub Hrozek
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#endif /* _IPA_SUBDOMAINS_H_ */