/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef	_LIBADUTILS_H
#define	_LIBADUTILS_H

#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <rpc/rpc.h>
#include <ldap.h>

#ifdef	__cplusplus
extern "C" {
#endif

/* Default retry count. */
#define	ADUTILS_DEF_NUM_RETRIES		2

/*
 * Size limits for SIDs.  The binary bound adds up 1 + 1 + 6 bytes of
 * fixed header plus four bytes for each of the (at most 15)
 * sub-authorities, i.e. 68 bytes.
 *
 * The "hexbin" bound allows three characters per binary byte.
 * NOTE(review): nothing in this header reserves room for a terminating
 * NUL in ADUTILS_MAXHEXBINSID; confirm whether callers must size their
 * buffers as ADUTILS_MAXHEXBINSID + 1.
 */
#define	ADUTILS_SID_MAX_SUB_AUTHORITIES	15
#define	ADUTILS_MAXBINSID \
	(1 + 1 + 6 + (ADUTILS_SID_MAX_SUB_AUTHORITIES * 4))
#define	ADUTILS_MAXHEXBINSID		(ADUTILS_MAXBINSID * 3)

/* Opaque handle types; their layouts are not part of this header. */
typedef struct adutils_ad		adutils_ad_t;
typedef struct adutils_entry		adutils_entry_t;
typedef struct adutils_result		adutils_result_t;
typedef struct adutils_ctx		adutils_ctx_t;
typedef struct adutils_query_state	adutils_query_state_t;

/*
 * Typedef for callback routine for adutils_lookup_batch_start.
 * This callback routine is used to process the result of
 * ldap_result(3LDAP).
 *	ld   - LDAP handle used by ldap_result(3LDAP)
 *	res  - Entry returned by ldap_result(3LDAP)
 *	rc   - Return value of ldap_result(3LDAP)
 *	qid  - Query ID that corresponds to the result.
 *	argp - Argument passed by the caller at the time
 *	       of adutils_lookup_batch_start.
 */
typedef void (*adutils_ldap_res_search_cb)(LDAP *ld, LDAPMessage **res,
    int rc, int qid, void *argp);

/*
 * Return codes.  ADUTILS_SUCCESS is zero; the error codes are numbered
 * upwards from -10000, so every error value is negative.
 */
typedef enum {
	ADUTILS_SUCCESS = 0,
	ADUTILS_ERR_INTERNAL = -10000,
	ADUTILS_ERR_OTHER,
	ADUTILS_ERR_NOTFOUND,
	ADUTILS_ERR_RETRIABLE_NET_ERR,
	ADUTILS_ERR_MEMORY,
	ADUTILS_ERR_DOMAIN
} adutils_rc;

/*
 * We use the port numbers for normal LDAP and global catalog LDAP as
 * the enum values for this enumeration.  Clever?  Silly?  You decide.
 * Although we never actually use these enum values as port numbers and
 * never will, so this is just cute.
 */
typedef enum adutils_ad_partition {
	ADUTILS_AD_DATA = 389,
	ADUTILS_AD_GLOBAL_CATALOG = 3268
} adutils_ad_partition_t;


/*
 * adutils interfaces:
 *
 *  - an adutils_ad_t represents an AD partition
 *  - a DS (hostname + port, if port != 0) can be added/removed from an
 *    adutils_ad_t
 *  - an adutils_ad_t can be allocated, ref'ed and released; last release
 *    releases resources
 *
 *
 * adutils_lookup_batch_xxx interfaces:
 *
 * These interfaces allow the caller to batch AD lookup requests.  The
 * batched requests are processed asynchronously.  The actual lookup
 * is currently implemented using libldap's ldap_search_ext(3LDAP) and
 * ldap_result(3LDAP) APIs.
 *
 * Example:
 *	adutils_query_state_t	*qs;
 *	adutils_lookup_batch_start(..., &qs);
 *	for each request {
 *		rc = adutils_lookup_batch_add(qs, ...);
 *		if (rc != success)
 *			break;
 *	}
 *	if (rc == success)
 *		adutils_lookup_batch_end(&qs);
 *	else
 *		adutils_lookup_batch_release(&qs);
 *
 * The adutils_lookup_batch_start interface allows the caller to pass
 * in a callback function that's invoked when ldap_result() returns
 * LDAP_RES_SEARCH_RESULT and LDAP_RES_SEARCH_ENTRY for each request.
 *
 * If no callback is provided then adutils batch API falls back to its
 * default behaviour which is:
 *	For LDAP_RES_SEARCH_ENTRY, add the entry to the entry set.
 *	For LDAP_RES_SEARCH_RESULT, set return code to
 *	ADUTILS_ERR_NOTFOUND if the entry set is empty.
 *
 * See $SRC/cmd/idmap/idmapd/adutils.c for an example of
 * non-default callback routine.
 *
 * NOTE(review): this header does not say whether the search filter
 * handed to adutils_lookup() / adutils_lookup_batch_add() is escaped
 * before it reaches ldap_search_ext(3LDAP).  Callers that build a
 * filter from externally supplied names should assume it is not and
 * escape the values themselves (RFC 4515) -- confirm against the
 * implementation.
 */

/*
 * Logging callback type, installed with adutils_set_logger().
 * NOTE(review): the (int, const char *, ...) shape suggests a
 * syslog-like priority followed by a printf-style format -- confirm.
 * If so, text that originates outside the program (directory attribute
 * values, host or domain names) belongs in the variadic arguments,
 * never in the format argument.
 */
typedef void (*adutils_logger)(int, const char *, ...);


/* AD handle lifecycle and configuration. */
extern adutils_rc adutils_ad_alloc(
    adutils_ad_t **new_ad,
    const char *domain_name,
    adutils_ad_partition_t part);
extern void adutils_ad_free(adutils_ad_t **ad);
extern adutils_rc adutils_add_ds(
    adutils_ad_t *ad,
    const char *host,
    int port);
extern adutils_rc adutils_add_domain(
    adutils_ad_t *ad,
    const char *domain_name,
    const char *domain_sid);

/* Single lookup and result access. */
extern void adutils_freeresult(adutils_result_t **result);
extern adutils_rc adutils_lookup(
    adutils_ad_t *ad,
    const char *searchfilter,
    const char **attrs,
    const char *domain,
    adutils_result_t **result);
extern char **adutils_getattr(
    const adutils_entry_t *entry,
    const char *attrname);
extern const adutils_entry_t *adutils_getfirstentry(
    adutils_result_t *result);

/*
 * SID and BerValue conversion helpers.
 * NOTE(review): hexbinsidlen is presumably the size of the caller's
 * hexbinsid buffer (see the sizing note on ADUTILS_MAXHEXBINSID), and
 * the char * results are presumably allocated for the caller to free;
 * neither is stated in this header -- confirm before relying on it.
 */
extern int adutils_txtsid2hexbinsid(
    const char *txt,
    const uint32_t *rid,
    char *hexbinsid,
    int hexbinsidlen);
extern char *adutils_bv_str(BerValue *bval);
extern boolean_t adutils_bv_uint(BerValue *bval, unsigned int *result);
extern char *adutils_bv_objsid2sidstr(BerValue *bval, uint32_t *rid);

extern void adutils_reap_idle_connections(void);
extern char *adutils_dn2dns(const char *dn);

/* Batched lookups; see the usage example in the block comment above. */
extern adutils_rc adutils_lookup_batch_start(
    adutils_ad_t *ad,
    int nqueries,
    adutils_ldap_res_search_cb ldap_res_search_cb,
    void *ldap_res_search_argp,
    adutils_query_state_t **state);
extern adutils_rc adutils_lookup_batch_add(
    adutils_query_state_t *state,
    const char *filter,
    const char * const *attrs,
    const char *edomain,
    adutils_result_t **result,
    adutils_rc *rc);
extern adutils_rc adutils_lookup_batch_end(adutils_query_state_t **state);
extern void adutils_lookup_batch_release(adutils_query_state_t **state);
extern int adutils_lookup_check_domain(
    adutils_query_state_t *state,
    const char *domain);
extern int adutils_lookup_check_sid_prefix(
    adutils_query_state_t *state,
    const char *sid);

extern void adutils_set_logger(adutils_logger logger);

extern boolean_t domain_eq(const char *a, const char *b);

#ifdef	__cplusplus
}
#endif

#endif	/* _LIBADUTILS_H */