18040SBaban.Kenkre@Sun.COM /* 28040SBaban.Kenkre@Sun.COM * CDDL HEADER START 38040SBaban.Kenkre@Sun.COM * 48040SBaban.Kenkre@Sun.COM * The contents of this file are subject to the terms of the 58040SBaban.Kenkre@Sun.COM * Common Development and Distribution License (the "License"). 68040SBaban.Kenkre@Sun.COM * You may not use this file except in compliance with the License. 78040SBaban.Kenkre@Sun.COM * 88040SBaban.Kenkre@Sun.COM * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE 98040SBaban.Kenkre@Sun.COM * or http://www.opensolaris.org/os/licensing. 108040SBaban.Kenkre@Sun.COM * See the License for the specific language governing permissions 118040SBaban.Kenkre@Sun.COM * and limitations under the License. 128040SBaban.Kenkre@Sun.COM * 138040SBaban.Kenkre@Sun.COM * When distributing Covered Code, include this CDDL HEADER in each 148040SBaban.Kenkre@Sun.COM * file and include the License file at usr/src/OPENSOLARIS.LICENSE. 158040SBaban.Kenkre@Sun.COM * If applicable, add the following below this CDDL HEADER, with the 168040SBaban.Kenkre@Sun.COM * fields enclosed by brackets "[]" replaced with your own identifying 178040SBaban.Kenkre@Sun.COM * information: Portions Copyright [yyyy] [name of copyright owner] 188040SBaban.Kenkre@Sun.COM * 198040SBaban.Kenkre@Sun.COM * CDDL HEADER END 208040SBaban.Kenkre@Sun.COM */ 218040SBaban.Kenkre@Sun.COM /* 22*12508Samw@Sun.COM * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved. 
 */

#ifndef _LIBADUTILS_H
#define	_LIBADUTILS_H

/*
 * libadutils -- public interface.
 *
 * Helpers for querying Active Directory over LDAP (used by idmapd and
 * related consumers).  All adutils_* structures are opaque; callers only
 * ever hold pointers to them and go through the functions below.
 *
 * Two points a caller should keep in mind, because the library cannot
 * enforce them from the prototypes alone:
 *
 *  - Search filters (adutils_lookup(), adutils_lookup_batch_add()) are
 *    plain strings.  Any value that did not originate locally -- a name,
 *    a SID, or a DN handed back by the directory -- must be escaped per
 *    RFC 4515 before it is spliced into a filter, otherwise it can change
 *    the meaning of the query (LDAP filter injection).
 *
 *  - adutils_logger takes a format string plus a variable argument list.
 *    The format must always be a literal; directory-supplied text belongs
 *    in the arguments, never in the format.
 */

#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <rpc/rpc.h>
#include <ldap.h>

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Default retry count.  How and where the implementation applies it is
 * not visible from this header.
 */
#define	ADUTILS_DEF_NUM_RETRIES	2

/*
 * Selectors for the independent groups of debug messages, used with
 * adutils_set_debug().  AD_DEBUG_MAX is an alias of the highest valid
 * selector (AD_DEBUG_DISC), not a separate group.
 */
enum ad_debug {
	AD_DEBUG_ALL = 0,	/* every group at once */
	AD_DEBUG_DNS = 1,	/* DNS / SRV lookups */
	AD_DEBUG_LDAP = 2,	/* LDAP traffic */
	AD_DEBUG_DISC = 3,	/* domain controller discovery */
	AD_DEBUG_MAX = 3	/* == AD_DEBUG_DISC */
};

/*
 * Size limits for Windows security identifiers (SIDs).
 *
 * The binary SID layout is: 1 byte revision, 1 byte sub-authority count,
 * 6 byte identifier authority, then up to 15 sub-authorities of 4 bytes
 * each -- hence 1 + 1 + 6 + 15 * 4 = 68 bytes at most.
 *
 * ADUTILS_MAXHEXBINSID budgets three characters per binary byte (the
 * "\xx" escaped form used inside LDAP filters).  Neither constant
 * includes room for a terminating NUL; callers passing a buffer to
 * adutils_txtsid2hexbinsid() should size it with that in mind.
 */
#define	ADUTILS_SID_MAX_SUB_AUTHORITIES	15
#define	ADUTILS_MAXBINSID \
	(1 + 1 + 6 + (ADUTILS_SID_MAX_SUB_AUTHORITIES * 4))
#define	ADUTILS_MAXHEXBINSID	(ADUTILS_MAXBINSID * 3)

/* Opaque handle types; definitions live in the implementation. */
typedef struct adutils_ad adutils_ad_t;			/* an AD partition */
typedef struct adutils_entry adutils_entry_t;		/* one LDAP entry */
typedef struct adutils_result adutils_result_t;		/* a set of entries */
typedef struct adutils_ctx adutils_ctx_t;
typedef struct adutils_query_state adutils_query_state_t; /* a batch */

/*
 * Callback type for adutils_lookup_batch_start().
 *
 * Invoked to process what ldap_result(3LDAP) produced for one request:
 *
 *	ld	LDAP handle the result came from
 *	res	message returned by ldap_result(3LDAP)
 *	rc	return value of ldap_result(3LDAP)
 *	qid	query ID identifying the request within the batch
 *	argp	opaque pointer supplied to adutils_lookup_batch_start()
 *
 * Whether the callback is expected to free *res (ldap_msgfree(3LDAP))
 * is not specified here; follow the reference callback in
 * $SRC/cmd/idmap/idmapd/adutils.c.
 */
typedef void (*adutils_ldap_res_search_cb)(LDAP *ld, LDAPMessage **res,
	int rc, int qid, void *argp);

/*
 * Library return codes.  ADUTILS_SUCCESS is 0; every error is negative,
 * counting up from -10000 (so ADUTILS_ERR_OTHER is -9999, and so on).
 */
typedef enum {
	ADUTILS_SUCCESS = 0,
	ADUTILS_ERR_INTERNAL = -10000,
	ADUTILS_ERR_OTHER,		/* -9999 */
	ADUTILS_ERR_NOTFOUND,		/* -9998: query matched nothing */
	ADUTILS_ERR_RETRIABLE_NET_ERR,	/* -9997: transient network failure */
	ADUTILS_ERR_MEMORY,		/* -9996: allocation failure */
	ADUTILS_ERR_DOMAIN		/* -9995 */
} adutils_rc;

/*
 * Which AD partition an adutils_ad_t represents.  The enumerator values
 * coincide with the standard LDAP (389) and global catalog (3268) port
 * numbers purely as a mnemonic -- they are never used as port numbers;
 * the port is given explicitly to adutils_add_ds().
 */
typedef enum adutils_ad_partition {
	ADUTILS_AD_DATA = 389,
	ADUTILS_AD_GLOBAL_CATALOG = 3268
} adutils_ad_partition_t;

/*
 * adutils interfaces:
 *
 *  - an adutils_ad_t represents an AD partition
 *  - a DS (hostname + port, if port != 0) can be added to / removed
 *    from an adutils_ad_t
 *  - an adutils_ad_t can be allocated, ref'ed and released; the last
 *    release frees its resources
 *
 * adutils_lookup_batch_xxx interfaces:
 *
 * These let the caller batch several AD lookups, which are processed
 * asynchronously.  The lookups are currently implemented with libldap's
 * ldap_search_ext(3LDAP) and ldap_result(3LDAP).
 *
 * Usage:
 *
 *	adutils_query_state_t *qs;
 *	adutils_lookup_batch_start(..., &qs);
 *	for each request {
 *		rc = adutils_lookup_batch_add(qs, ...);
 *		if (rc != success)
 *			break;
 *	}
 *	if (rc == success)
 *		adutils_lookup_batch_end(&qs);
 *	else
 *		adutils_lookup_batch_release(&qs);
 *
 * adutils_lookup_batch_start() accepts an optional callback that is run
 * whenever ldap_result() yields LDAP_RES_SEARCH_RESULT or
 * LDAP_RES_SEARCH_ENTRY for a request in the batch.
 *
 * With no callback the batch API falls back to its default behaviour:
 *
 *	LDAP_RES_SEARCH_ENTRY	add the entry to the result's entry set
 *	LDAP_RES_SEARCH_RESULT	set the request's rc to
 *				ADUTILS_ERR_NOTFOUND if the entry set
 *				is still empty
 *
 * $SRC/cmd/idmap/idmapd/adutils.c has an example of a custom callback.
 */

/*
 * Logging hook, installed with adutils_set_logger().  The shape
 * (int level, const char *fmt, ...) mirrors syslog(3C).  Pass only a
 * literal format string -- see the note at the top of this file.
 */
typedef void (*adutils_logger)(int, const char *, ...);

/* Enable (val != 0) or disable debug output for the given message group. */
extern void adutils_set_debug(enum ad_debug item, int val);

/*
 * Partition handle lifecycle.  adutils_ad_free() takes the address of the
 * handle pointer; presumably it clears it after the release -- confirm in
 * the implementation before relying on that.
 */
extern adutils_rc adutils_ad_alloc(adutils_ad_t **new_ad,
	const char *domain_name,
	adutils_ad_partition_t part);
extern void adutils_ad_free(adutils_ad_t **ad);

/* Register a directory server (host + port, port 0 meaning default). */
extern adutils_rc adutils_add_ds(adutils_ad_t *ad,
	const char *host, int port);

/* Associate a domain name and its SID prefix with the partition. */
extern adutils_rc adutils_add_domain(adutils_ad_t *ad,
	const char *domain_name,
	const char *domain_sid);

/* Release a result set obtained from adutils_lookup() or a batch add. */
extern void adutils_freeresult(adutils_result_t **result);

/*
 * Synchronous lookup.  searchfilter is used as-is: escape any untrusted
 * value before building it.  Note that attrs is declared as
 * const char ** here but as const char * const * in
 * adutils_lookup_batch_add(); the two are kept as-is for ABI reasons.
 */
extern adutils_rc adutils_lookup(adutils_ad_t *ad,
	const char *searchfilter,
	const char **attrs, const char *domain,
	adutils_result_t **result);

/* Values of one attribute of an entry (NULL-terminated array). */
extern char **adutils_getattr(const adutils_entry_t *entry,
	const char *attrname);

/* First entry of a result set, or NULL if it has none. */
extern const adutils_entry_t *adutils_getfirstentry(
	adutils_result_t *result);

/*
 * Convert a textual SID ("S-1-5-...") into the escaped binary form used
 * in LDAP filters, writing at most hexbinsidlen bytes to hexbinsid.
 * If rid is non-NULL it presumably is appended as one more
 * sub-authority -- confirm against the implementation.  The meaning of
 * the int return value is not documented here.
 */
extern int adutils_txtsid2hexbinsid(const char *txt,
	const uint32_t *rid,
	char *hexbinsid, int hexbinsidlen);

/*
 * BerValue helpers.  The char * returned by adutils_bv_str() and
 * adutils_bv_objsid2sidstr() is presumably heap-allocated and owned by
 * the caller; check the implementation before free()ing it.
 */
extern char *adutils_bv_str(BerValue *bval);
extern boolean_t adutils_bv_uint(BerValue *bval, unsigned int *result);
extern char *adutils_bv_objsid2sidstr(BerValue *bval,
	uint32_t *rid);

/* Close LDAP connections that have been idle for a while. */
extern void adutils_reap_idle_connections(void);

/* Derive a DNS domain name from a DN ("dc=a,dc=b" -> "a.b"). */
extern char *adutils_dn2dns(const char *dn);

/* Batch lookup API; see the usage block above. */
extern adutils_rc adutils_lookup_batch_start(adutils_ad_t *ad,
	int nqueries,
	adutils_ldap_res_search_cb ldap_res_search_cb,
	void *ldap_res_search_argp,
	adutils_query_state_t **state);
extern adutils_rc adutils_lookup_batch_add(adutils_query_state_t *state,
	const char *filter, const char * const *attrs,
	const char *edomain, adutils_result_t **result,
	adutils_rc *rc);
extern adutils_rc adutils_lookup_batch_end(
	adutils_query_state_t **state);
extern void adutils_lookup_batch_release(
	adutils_query_state_t **state);

/* Does the batch's partition know about this domain / SID prefix? */
extern int adutils_lookup_check_domain(
	adutils_query_state_t *state,
	const char *domain);
extern int adutils_lookup_check_sid_prefix(
	adutils_query_state_t *state,
	const char *sid);

/* Install the logging hook used by the whole library. */
extern void adutils_set_logger(adutils_logger logger);

/*
 * Compare two domain names for equality.  Whether the comparison is
 * case-insensitive (as DNS names would warrant) is not stated here.
 */
extern boolean_t domain_eq(const char *a, const char *b);

#ifdef __cplusplus
}
#endif

#endif /* _LIBADUTILS_H */