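/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2008 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _LIBADUTILS_H
#define	_LIBADUTILS_H

#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <rpc/rpc.h>
#include <ldap.h>

#ifdef __cplusplus
extern "C" {
#endif

/* Default retry count; where it is applied is not visible in this header. */
#define	ADUTILS_DEF_NUM_RETRIES	2

/*
 * Size limits for a SID in binary form.  The terms of ADUTILS_MAXBINSID
 * line up with the binary SID layout: 1 byte of revision, 1 byte of
 * sub-authority count, 6 bytes of identifier authority, then 4 bytes for
 * each of at most ADUTILS_SID_MAX_SUB_AUTHORITIES sub-authorities.
 *
 * ADUTILS_MAXHEXBINSID allows three characters per binary byte.
 * NOTE(review): that count leaves no room for a terminating NUL; confirm
 * against the implementation whether buffers handed to
 * adutils_txtsid2hexbinsid() must be ADUTILS_MAXHEXBINSID + 1 bytes.
 */
#define	ADUTILS_SID_MAX_SUB_AUTHORITIES	15
#define	ADUTILS_MAXBINSID\
	(1 + 1 + 6 + (ADUTILS_SID_MAX_SUB_AUTHORITIES * 4))
#define	ADUTILS_MAXHEXBINSID		(ADUTILS_MAXBINSID * 3)

/* Opaque handles; their layouts are private to the library. */
typedef struct adutils_ad		adutils_ad_t;
typedef struct adutils_entry		adutils_entry_t;
typedef struct adutils_result		adutils_result_t;
typedef struct adutils_ctx		adutils_ctx_t;
typedef struct adutils_query_state	adutils_query_state_t;

/*
 * Typedef for callback routine for adutils_lookup_batch_start.
 * This callback routine is used to process the result of
 * ldap_result(3LDAP).
 *	ld   - LDAP handle used by ldap_result(3LDAP)
 *	res  - Entry returned by ldap_result(3LDAP)
 *	rc   - Return value of ldap_result(3LDAP)
 *	qid  - Query ID that corresponds to the result.
 *	argp - Argument passed by the caller at the time
 *	       of adutils_lookup_batch_start.
 *
 * NOTE(review): res is passed by reference; whether the callback or the
 * library is expected to free the message is not stated here -- confirm
 * before writing a callback.
 */
typedef void (*adutils_ldap_res_search_cb)(LDAP *ld, LDAPMessage **res,
	int rc, int qid, void *argp);

/*
 * Return codes.  ADUTILS_SUCCESS is 0; the error codes start at -10000
 * and count upward from there (ADUTILS_ERR_OTHER is -9999, and so on),
 * so every error value is negative.
 */
typedef enum {
	ADUTILS_SUCCESS = 0,
	ADUTILS_ERR_INTERNAL = -10000,
	ADUTILS_ERR_OTHER,
	ADUTILS_ERR_NOTFOUND,
	ADUTILS_ERR_RETRIABLE_NET_ERR,
	ADUTILS_ERR_MEMORY,
	ADUTILS_ERR_DOMAIN
} adutils_rc;

/*
 * We use the port numbers for normal LDAP and global catalog LDAP as
 * the enum values for this enumeration.  Clever?  Silly?  You decide.
 * Although we never actually use these enum values as port numbers and
 * never will, so this is just cute.
 */
typedef enum adutils_ad_partition {
	ADUTILS_AD_DATA = 389,
	ADUTILS_AD_GLOBAL_CATALOG = 3268
} adutils_ad_partition_t;


/*
 * adutils interfaces:
 *
 *  - an adutils_ad_t represents an AD partition
 *  - a DS (hostname + port, if port != 0) can be added/removed from an
 *  adutils_ad_t
 *  - an adutils_ad_t can be allocated, ref'ed and released; last release
 *  releases resources
 *
 *
 * adutils_lookup_batch_xxx interfaces:
 *
 * These interfaces allow the caller to batch AD lookup requests. The
 * batched requests are processed asynchronously. The actual lookup
 * is currently implemented using libldap's ldap_search_ext(3LDAP) and
 * ldap_result(3LDAP) APIs.
 *
 * Example:
 *	adutils_query_state_t	*qs;
 *	adutils_lookup_batch_start(..., &qs);
 *	for each request {
 *		rc = adutils_lookup_batch_add(qs, ...);
 *		if (rc != success)
 *			break;
 *	}
 *	if (rc == success)
 *		adutils_lookup_batch_end(&qs);
 *	else
 *		adutils_lookup_batch_release(&qs);
 *
 * The adutils_lookup_batch_start interface allows the caller to pass
 * in a callback function that's invoked when ldap_result() returns
 * LDAP_RES_SEARCH_RESULT and LDAP_RES_SEARCH_ENTRY for each request.
 *
 * If no callback is provided then adutils batch API falls back to its
 * default behaviour which is:
 *	For LDAP_RES_SEARCH_ENTRY, add the entry to the entry set.
 *	For LDAP_RES_SEARCH_RESULT, set return code to
 *	ADUTILS_ERR_NOTFOUND if the entry set is empty.
 *
 * See $SRC/cmd/idmap/idmapd/adutils.c for an example of
 * non-default callback routine.
 *
 */

/*
 * Notes for callers (reviewer annotations; this header shows only the
 * prototypes, so confirm each point against the implementation):
 *
 *  - searchfilter / filter arrive as ready-made LDAP filter strings and
 *    nothing in these prototypes indicates that the library escapes
 *    them.  A caller that formats a user, group or host name it does not
 *    control into a filter should escape that value first (RFC 4515
 *    string representation of search filters).
 *  - attrs is presumably a NULL-terminated array of attribute names, as
 *    for ldap_search_ext(3LDAP) -- TODO confirm.
 *  - adutils_txtsid2hexbinsid() writes into a caller-supplied buffer of
 *    hexbinsidlen bytes.  Size the buffer from ADUTILS_MAXHEXBINSID (see
 *    the NUL-terminator note at its definition) and check the int return
 *    value before using the buffer; its meaning is not documented here.
 *  - Ownership of the strings returned by adutils_getattr(),
 *    adutils_bv_name2str(), adutils_bv_objsid2sidstr() and
 *    adutils_dn2dns() is not stated here; confirm who frees them.
 *  - adutils_lookup_batch_add() both returns an adutils_rc and takes an
 *    adutils_rc *rc; presumably the latter receives the per-query
 *    outcome once the batch completes, so it must stay valid until
 *    adutils_lookup_batch_end() returns -- TODO confirm.
 *  - Per the example above, a started batch is finished with exactly one
 *    of adutils_lookup_batch_end() or adutils_lookup_batch_release().
 */

extern adutils_rc	adutils_ad_alloc(adutils_ad_t **new_ad,
			    const char *default_domain,
			    adutils_ad_partition_t part);
extern void		adutils_ad_free(adutils_ad_t **ad);
extern adutils_rc	adutils_add_ds(adutils_ad_t *ad,
			    const char *host, int port);
extern void		adutils_set_log(int pri, bool_t syslog,
			    bool_t degraded);
extern void		adutils_freeresult(adutils_result_t **result);
extern adutils_rc	adutils_lookup(adutils_ad_t *ad,
			    const char *searchfilter,
			    const char **attrs, const char *domain,
			    adutils_result_t **result);
extern char		**adutils_getattr(const adutils_entry_t *entry,
			    const char *attrname);
extern const adutils_entry_t	*adutils_getfirstentry(
				    adutils_result_t *result);
extern int		adutils_txtsid2hexbinsid(const char *txt,
			    const uint32_t *rid,
			    char *hexbinsid, int hexbinsidlen);
extern char		*adutils_bv_name2str(BerValue *bval);
extern char		*adutils_bv_objsid2sidstr(BerValue *bval,
			    uint32_t *rid);
extern void		adutils_reap_idle_connections(void);
extern char		*adutils_dn2dns(const char *dn);
extern adutils_rc	adutils_lookup_batch_start(adutils_ad_t *ad,
			    int nqueries,
			    adutils_ldap_res_search_cb ldap_res_search_cb,
			    void *ldap_res_search_argp,
			    adutils_query_state_t **state);
extern adutils_rc	adutils_lookup_batch_add(adutils_query_state_t *state,
			    const char *filter, const char **attrs,
			    const char *edomain, adutils_result_t **result,
			    adutils_rc *rc);
extern adutils_rc	adutils_lookup_batch_end(
			    adutils_query_state_t **state);
extern void		adutils_lookup_batch_release(
			    adutils_query_state_t **state);
extern const char	*adutils_lookup_batch_getdefdomain(
			    adutils_query_state_t *state);

#ifdef __cplusplus
}
#endif

#endif	/* _LIBADUTILS_H */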