/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */

/*
 * Copyright 2009 Sun Microsystems, Inc.  All rights reserved.
 * Use is subject to license terms.
 */

#ifndef _ADUTILS_H
#define	_ADUTILS_H

#ifdef __cplusplus
extern "C" {
#endif

/*
 * Processes name2sid & sid2name lookups for a given user or computer
 * from an AD Directory server using GSSAPI authentication.
 *
 * Everything below is a batch-oriented lookup API: queries are queued
 * against an adutils_ad_t handle and their results are delivered
 * asynchronously into caller-supplied output variables (see "Batch
 * lookups" below for the lifetime rules those outputs must obey).
 */

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <lber.h>
#include <ldap.h>
#include <sasl/sasl.h>
#include <string.h>
#include <ctype.h>
#include <sys/types.h>
#include <time.h>
#include <thread.h>
#include <synch.h>
#include <rpcsvc/idmap_prot.h>
#include "libadutils.h"
#include <sys/idmap.h>

/*
 * idmapd interfaces stolen? from other idmapd code?
 */

/*
 * Eventually these should be an enum here, but instead we share a
 * namespace with other things in idmapd.
 *
 * Identity type codes reported through the 'sid_type' outputs below.
 * NOTE(review): identifiers of the form _Uppercase are reserved for the
 * implementation by ISO C; they are kept as-is here because other idmapd
 * code relies on these exact names and values.
 */
#define	_IDMAP_T_OTHER		0
#define	_IDMAP_T_UNDEF		-1
#define	_IDMAP_T_USER		-1004
#define	_IDMAP_T_GROUP		-1005
#define	_IDMAP_T_DOMAIN		-1006
#define	_IDMAP_T_COMPUTER	-1007

/* A SID's last sub-authority (relative identifier); see the 'rid' params. */
typedef uint32_t rid_t;

/*
 * Opaque handle for one batch of lookups. Created by
 * idmap_lookup_batch_start() and released by either
 * idmap_lookup_batch_end() or idmap_lookup_release_batch().
 */
typedef struct idmap_query_state idmap_query_state_t;

/*
 * Register the directory server reachable at host:port with the AD
 * handle 'ad'.
 * NOTE(review): the return-value convention (0 on success?) is not
 * documented here -- confirm against the definition before relying on it.
 */
int idmap_add_ds(adutils_ad_t *ad, const char *host, int port);


/*
 * Batch lookups
 *
 * Start a batch, add queries to the batch one by one (the output
 * pointers should all differ, so that a query's results don't clobber
 * any other's), end the batch to wait for replies for all outstanding
 * queries. The output parameters of each query are initialized to NULL
 * or -1 as appropriate.
 *
 * LDAP searches are sent one by one without waiting (i.e., blocking)
 * for replies. Replies are handled as soon as they are available.
 * Missing replies are waited for only when idmap_lookup_batch_end() is
 * called.
 *
 * Because a query's results are written whenever its reply arrives --
 * which may be as late as idmap_lookup_batch_end() -- the storage behind
 * every output pointer passed to an add1 function must remain valid (and
 * must not be read as final) until the batch has been ended or released.
 *
 * If an add1 function returns != 0 then abort the batch by calling
 * idmap_lookup_batch_end(), but note that some queries may have been
 * answered, so check the result code of each query.
 */

/*
 * Start a batch of lookups.
 *
 * 'nqueries' is the number of queries the caller intends to add
 * (presumably used to size the batch -- confirm against the
 * implementation); on success *state refers to the new batch.
 */
idmap_retcode idmap_lookup_batch_start(adutils_ad_t *ad, int nqueries,
	idmap_query_state_t **state);

/*
 * End a batch and release its idmap_query_state_t object.
 * Waits for any outstanding replies before returning; the returned code
 * covers the batch as a whole, so each query's own *rc must still be
 * checked.
 */
idmap_retcode idmap_lookup_batch_end(idmap_query_state_t **state);

/*
 * Abandon a batch and release its idmap_query_state_t object.
 * Unlike idmap_lookup_batch_end() this does not wait for replies; output
 * variables of unanswered queries keep their initial NULL/-1 values.
 */
void idmap_lookup_release_batch(idmap_query_state_t **state);

/*
 * Add a name->SID lookup
 *
 * - 'dname' is optional; if NULL or empty string then 'name' has to be
 * a user/group name qualified with a domainname (e.g., foo@domain),
 * else the 'name' must not be qualified and the domainname must be
 * passed in 'dname'.
 *
 * - if 'rid' is NULL then the output SID string will include the last
 * RID, else it won't and the last RID value will be stored in *rid.
 *
 * - '*rc' receives this query's own result code once its reply has been
 * processed; check it after the batch ends.
 *
 * The caller must free() *sid.
 * NOTE(review): 'eunixtype' and the remaining outputs (dn, attr, value,
 * canonname, sid_type, unixname) are not documented here; presumably the
 * other char ** outputs are heap-allocated and owned by the caller as
 * well, and sid_type receives one of the _IDMAP_T_* codes -- confirm
 * against the implementation.
 */
idmap_retcode idmap_name2sid_batch_add1(idmap_query_state_t *state,
	const char *name, const char *dname, int eunixtype,
	char **dn, char **attr, char **value, char **canonname,
	char **sid, rid_t *rid, int *sid_type, char **unixname,
	idmap_retcode *rc);
/*
 * Add a SID->name lookup
 *
 * - 'rid' is optional; if NULL then 'sid' is expected to have the
 * user/group RID present, else 'sid' is expected not to have it, and
 * *rid will be used to qualify the given 'sid'
 *
 * - 'dname' is optional; if NULL then the fully qualified user/group
 * name will be stored in *name, else the domain name will be stored in
 * *dname and the user/group name will be stored in *name without a
 * domain qualifier.
 *
 * - '*rc' receives this query's own result code once its reply has been
 * processed; check it after the batch ends.
 *
 * The caller must free() *name and *dname (if present).
 * NOTE(review): ownership of the other char ** outputs (dn, attr, value,
 * unixname) is not documented here -- confirm against the implementation.
 */
idmap_retcode idmap_sid2name_batch_add1(idmap_query_state_t *state,
	const char *sid, const rid_t *rid, int eunixtype,
	char **dn, char **attr, char **value, char **name,
	char **dname, int *sid_type, char **unixname,
	idmap_retcode *rc);

/*
 * Add a unixname->SID lookup
 *
 * Resolves 'unixname' through the AD attributes configured with
 * idmap_lookup_batch_set_unixattr(). 'is_user' and 'is_wuser' select
 * the Unix and Windows identity kinds being matched (presumably
 * non-zero = user, zero = group -- confirm against the implementation).
 * '*rc' receives this query's own result code; output ownership follows
 * the same conventions as the two add1 functions above.
 */
idmap_retcode idmap_unixname2sid_batch_add1(idmap_query_state_t *state,
	const char *unixname, int is_user, int is_wuser,
	char **dn, char **attr, char **value, char **sid, rid_t *rid,
	char **name, char **dname, int *sid_type, idmap_retcode *rc);

/*
 * Set unixname attribute names for the batch for AD-based name mapping
 *
 * 'unixuser_attr' and 'unixgroup_attr' name the AD attributes that carry
 * the Unix user and group names respectively. Whether NULL is accepted
 * (to disable one direction) is not documented here -- confirm.
 */
void idmap_lookup_batch_set_unixattr(idmap_query_state_t *state,
	const char *unixuser_attr, const char *unixgroup_attr);

#ifdef __cplusplus
}
#endif

#endif	/* _ADUTILS_H */