/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef _ADUTILS_H
#define	_ADUTILS_H

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Processes name2sid & sid2name lookups for a given user or computer
 * from an AD Directory server using GSSAPI authentication.
 *
 * Every string returned through the output pointers below comes back
 * from the directory server's LDAP replies.  Nothing in this header
 * states that those values are validated before being handed to the
 * caller, so consumers should treat them as untrusted input (bound
 * their length, escape them before re-use in other queries or logs).
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <lber.h>
#include <ldap.h>
#include <sasl/sasl.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <time.h>
#include <thread.h>
#include <synch.h>
#include <rpcsvc/idmap_prot.h>
#include "libadutils.h"		/* project-local: adutils_ad_t and friends */
#include <sys/idmap.h>

/*
 * idmapd interfaces stolen? from other idmapd code?
 */

/* A Windows relative identifier (the last sub-authority of a SID). */
typedef uint32_t rid_t;
/* A POSIX user or group id; uid_t is reused for both. */
typedef uid_t posix_id_t;

/* Opaque per-batch state; allocated by idmap_lookup_batch_start(). */
typedef struct idmap_query_state idmap_query_state_t;

/*
 * Presumably registers the directory server 'host':'port' with the AD
 * handle 'ad' -- confirm against the implementation.  'port' is a plain
 * int, so the range is not enforced by the type; the caller is expected
 * to pass a valid port number.  Returns 0 on success, != 0 otherwise
 * (inferred from the int return; verify against the implementation).
 */
int idmap_add_ds(adutils_ad_t *ad, const char *host, int port);


/*
 * Batch lookups
 *
 * Start a batch, add queries to the batch one by one (the output
 * pointers should all differ, so that a query's results don't clobber
 * any other's), end the batch to wait for replies for all outstanding
 * queries. The output parameters of each query are initialized to NULL
 * or -1 as appropriate.
 *
 * LDAP searches are sent one by one without waiting (i.e., blocking)
 * for replies. Replies are handled as soon as they are available.
 * Missing replies are waited for only when idmap_lookup_batch_end() is
 * called.
 *
 * If an add1 function returns != 0 then abort the batch by calling
 * idmap_lookup_batch_end(), but note that some queries may have been
 * answered, so check the result code of each query.
 *
 * Because pointer outputs start out as NULL, calling free() on the
 * outputs of a query that was never answered is harmless (free(NULL)
 * is a no-op); the per-query result code ('rc' below) is what tells the
 * caller whether a value was actually produced.
 */

/*
 * Start a batch of lookups
 *
 * 'ad'                     the AD handle the searches are sent to.
 * 'nqueries'               apparently the number of queries the batch
 *                          will hold -- confirm against the implementation.
 * 'directory_based_mapping' and 'default_domain' are passed through to
 *                          the lookups; their exact effect is not
 *                          described here.
 * '*state'                 receives the new batch object; release it with
 *                          idmap_lookup_batch_end() or
 *                          idmap_lookup_release_batch().
 */
idmap_retcode idmap_lookup_batch_start(adutils_ad_t *ad, int nqueries,
    int directory_based_mapping, const char *default_domain,
    idmap_query_state_t **state);

/*
 * End a batch and release its idmap_query_state_t object
 *
 * Waits for the replies of all outstanding queries before returning;
 * *state is invalid afterwards.
 */
idmap_retcode idmap_lookup_batch_end(idmap_query_state_t **state);

/*
 * Abandon a batch and release its idmap_query_state_t object
 *
 * Unlike idmap_lookup_batch_end() this does not wait for replies;
 * *state is invalid afterwards.
 */
void idmap_lookup_release_batch(idmap_query_state_t **state);

/*
 * Add a name->SID lookup
 *
 * - 'dname' is optional; if NULL or empty string then 'name' has to be
 * a user/group name qualified with a domainname (e.g., foo@domain),
 * else the 'name' must not be qualified and the domainname must be
 * passed in 'dname'.
 *
 * - if 'rid' is NULL then the output SID string will include the last
 * RID, else it won't and the last RID value will be stored in *rid.
 *
 * - 'esidtype' is presumably the expected/requested id type used to
 * narrow the search -- confirm against the implementation.
 *
 * - 'dn', 'attr', 'value', 'canonname', 'sid_type', 'unixname' and
 * 'pid' are further outputs of the matching directory entry; which
 * attribute each one reflects is not stated here (verify against the
 * implementation).  Any of the pointer outputs the caller receives are
 * heap strings that the caller owns.
 *
 * - '*rc' receives the per-query result code (see the batch notes
 * above).
 *
 * The caller must free() *sid.
 */
idmap_retcode idmap_name2sid_batch_add1(idmap_query_state_t *state,
    const char *name, const char *dname, idmap_id_type esidtype,
    char **dn, char **attr, char **value, char **canonname,
    char **sid, rid_t *rid, idmap_id_type *sid_type,
    char **unixname,
    posix_id_t *pid, idmap_retcode *rc);
/*
 * Add a SID->name lookup
 *
 * - 'rid' is optional; if NULL then 'sid' is expected to have the
 * user/group RID present, else 'sid' is expected not to have it, and
 * *rid will be used to qualify the given 'sid'
 *
 * - 'dname' is optional; if NULL then the fully qualified user/group
 * name will be stored in *name, else the domain name will be stored in
 * *dname and the user/group name will be stored in *name without a
 * domain qualifier.
 *
 * - 'esidtype', 'dn', 'attr', 'value', 'sid_type', 'unixname' and 'pid'
 * follow the same conventions as in idmap_name2sid_batch_add1();
 * '*rc' receives the per-query result code.
 *
 * The caller must free() *name and *dname (if present).
 */
idmap_retcode idmap_sid2name_batch_add1(idmap_query_state_t *state,
    const char *sid, const rid_t *rid, idmap_id_type esidtype,
    char **dn, char **attr, char **value, char **name,
    char **dname, idmap_id_type *sid_type, char **unixname,
    posix_id_t *pid, idmap_retcode *rc);

/*
 * Add a unixname->SID lookup
 *
 * 'is_user' and 'is_wuser' are flags; presumably they select whether
 * the UNIX name and the resulting Windows identity are a user or a
 * group -- confirm against the implementation.  The outputs mirror the
 * other add1 functions: the caller owns the returned strings and
 * '*rc' receives the per-query result code.  The UNIX attribute names
 * consulted are set with idmap_lookup_batch_set_unixattr().
 */
idmap_retcode idmap_unixname2sid_batch_add1(idmap_query_state_t *state,
    const char *unixname, int is_user, int is_wuser,
    char **dn, char **attr, char **value, char **sid, rid_t *rid,
    char **name, char **dname, idmap_id_type *sid_type,
    idmap_retcode *rc);

/*
 * Add a PID->SID lookup
 *
 * 'pid' is a POSIX uid or gid; 'is_user' presumably says which of the
 * two it is -- confirm against the implementation.  The outputs and
 * '*rc' follow the same conventions as idmap_unixname2sid_batch_add1().
 */
idmap_retcode idmap_pid2sid_batch_add1(idmap_query_state_t *state,
    posix_id_t pid, int is_user,
    char **dn, char **attr, char **value, char **sid, rid_t *rid,
    char **name, char **dname, idmap_id_type *sid_type,
    idmap_retcode *rc);

/*
 * Set unixname attribute names for the batch for AD-based name mapping
 *
 * 'unixuser_attr' and 'unixgroup_attr' are presumably the directory
 * attribute names consulted for UNIX user and group names respectively.
 * Whether the strings are copied or merely referenced is not stated
 * here; keep them alive for the life of the batch to be safe.
 */
void idmap_lookup_batch_set_unixattr(idmap_query_state_t *state,
    const char *unixuser_attr, const char *unixgroup_attr);

#ifdef __cplusplus
}
#endif

#endif /* _ADUTILS_H */