/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright (c) 2008, 2010, Oracle and/or its affiliates. All rights reserved.
 */

#ifndef	_LIBADUTILS_H
#define	_LIBADUTILS_H

#include <stdlib.h>
#include <stdio.h>
#include <sys/types.h>
#include <rpc/rpc.h>
#include <ldap.h>

#ifdef	__cplusplus
extern "C" {
#endif

/*
 * NOTE(review): presumably the default retry count; what is retried is
 * not visible in this header -- confirm against the implementation.
 */
#define	ADUTILS_DEF_NUM_RETRIES	2

/*
 * Symbolic constants for different sets of debug messages.
 *
 * AD_DEBUG_MAX carries the same value as the highest category
 * (AD_DEBUG_DISC), so it can serve as an upper bound when validating an
 * "item" argument for adutils_set_debug().
 */
enum ad_debug {
	AD_DEBUG_ALL = 0,
	AD_DEBUG_DNS = 1,
	AD_DEBUG_LDAP = 2,
	AD_DEBUG_DISC = 3,
	AD_DEBUG_MAX = 3
};

/*
 * SID buffer sizing.
 *
 * ADUTILS_MAXBINSID evaluates to 68 and mirrors the binary SID layout:
 * 1 byte revision + 1 byte sub-authority count + 6 bytes identifier
 * authority + up to ADUTILS_SID_MAX_SUB_AUTHORITIES 4-byte sub-authorities.
 *
 * ADUTILS_MAXHEXBINSID allows three characters per binary byte (204).
 * NOTE(review): presumably this is the escaped-hex text form produced by
 * adutils_txtsid2hexbinsid(); the macro does not visibly reserve a byte
 * for a terminating NUL, so confirm that callers size their buffers
 * accordingly.
 */
#define	ADUTILS_SID_MAX_SUB_AUTHORITIES	15
#define	ADUTILS_MAXBINSID \
	(1 + 1 + 6 + (ADUTILS_SID_MAX_SUB_AUTHORITIES * 4))
#define	ADUTILS_MAXHEXBINSID	(ADUTILS_MAXBINSID * 3)

/*
 * Handle types.  Only the struct tags are declared here; the layouts are
 * not part of this header, so consumers can use these through pointers
 * only.
 */
typedef struct adutils_ad		adutils_ad_t;
typedef struct adutils_entry		adutils_entry_t;
typedef struct adutils_result		adutils_result_t;
typedef struct adutils_ctx		adutils_ctx_t;
typedef struct adutils_query_state	adutils_query_state_t;

/*
 * Typedef for callback routine for adutils_lookup_batch_start.
 * This callback routine is used to process the result of
 * ldap_result(3LDAP).
 *	ld   - LDAP handle used by ldap_result(3LDAP)
 *	res  - Entry returned by ldap_result(3LDAP)
 *	rc   - Return value of ldap_result(3LDAP)
 *	qid  - Query ID that corresponds to the result.
 *	argp - Argument passed by the caller at the time
 *	       of adutils_lookup_batch_start.
 *
 * NOTE(review): res is handed over by address (LDAPMessage **); who frees
 * the message after the callback returns is not stated here -- confirm
 * before writing a callback that keeps or releases it.
 */
typedef void (*adutils_ldap_res_search_cb)(LDAP *ld, LDAPMessage **res,
    int rc, int qid, void *argp);

/*
 * Return codes.  ADUTILS_SUCCESS is 0; every error is negative, starting
 * at ADUTILS_ERR_INTERNAL (-10000) and increasing by one per enumerator,
 * which puts ADUTILS_ERR_DOMAIN at -9995.
 */
typedef enum {
	ADUTILS_SUCCESS = 0,
	ADUTILS_ERR_INTERNAL = -10000,
	ADUTILS_ERR_OTHER,
	ADUTILS_ERR_NOTFOUND,
	ADUTILS_ERR_RETRIABLE_NET_ERR,
	ADUTILS_ERR_MEMORY,
	ADUTILS_ERR_DOMAIN
} adutils_rc;

/*
 * We use the port numbers for normal LDAP and global catalog LDAP as
 * the enum values for this enumeration.  Clever?  Silly?  You decide.
 * Although we never actually use these enum values as port numbers and
 * never will, so this is just cute.
 */
typedef enum adutils_ad_partition {
	ADUTILS_AD_DATA = 389,
	ADUTILS_AD_GLOBAL_CATALOG = 3268
} adutils_ad_partition_t;


/*
 * adutils interfaces:
 *
 *  - an adutils_ad_t represents an AD partition
 *  - a DS (hostname + port, if port != 0) can be added/removed from an
 *  adutils_ad_t
 *  - an adutils_ad_t can be allocated, ref'ed and released; last release
 *  releases resources
 *
 *
 * adutils_lookup_batch_xxx interfaces:
 *
 * These interfaces allow the caller to batch AD lookup requests. The
 * batched requests are processed asynchronously. The actual lookup
 * is currently implemented using libldap's ldap_search_ext(3LDAP) and
 * ldap_result(3LDAP) APIs.
 *
 * Example:
 *	adutils_query_state_t	*qs;
 *	adutils_lookup_batch_start(..., &qs);
 *	for each request {
 *		rc = adutils_lookup_batch_add(qs, ...);
 *		if (rc != success)
 *			break;
 *	}
 *	if (rc == success)
 *		adutils_lookup_batch_end(&qs);
 *	else
 *		adutils_lookup_batch_release(&qs);
 *
 * The adutils_lookup_batch_start interface allows the caller to pass
 * in a callback function that's invoked when ldap_result() returns
 * LDAP_RES_SEARCH_RESULT and LDAP_RES_SEARCH_ENTRY for each request.
 *
 * If no callback is provided then adutils batch API falls back to its
 * default behaviour which is:
 *	For LDAP_RES_SEARCH_ENTRY, add the entry to the entry set.
 *	For LDAP_RES_SEARCH_RESULT, set return code to
 *	ADUTILS_ERR_NOTFOUND if the entry set is empty.
 *
 * See $SRC/cmd/idmap/idmapd/adutils.c for an example of
 * non-default callback routine.
 *
 */

/*
 * Logging hook installed with adutils_set_logger().
 * NOTE(review): the signature looks like a syslog-style priority followed
 * by a printf-style format and its arguments -- confirm.  If so, the
 * second argument is a format string: log untrusted text through "%s"
 * rather than passing it as the format itself.
 */
typedef void (*adutils_logger)(int, const char *, ...);

/* Set debug category "item" to "val"; see enum ad_debug for the items. */
extern void adutils_set_debug(enum ad_debug item, int val);

/*
 * Partition handle lifecycle and configuration.
 * adutils_ad_alloc() returns the new handle through new_ad and
 * adutils_ad_free() takes the handle by address; per the overview above,
 * resources go away on the last release.
 */
extern adutils_rc adutils_ad_alloc(adutils_ad_t **new_ad,
    const char *domain_name,
    adutils_ad_partition_t part);
extern void adutils_ad_free(adutils_ad_t **ad);
extern adutils_rc adutils_add_ds(adutils_ad_t *ad,
    const char *host, int port);
extern adutils_rc adutils_add_domain(adutils_ad_t *ad,
    const char *domain_name,
    const char *domain_sid);

/*
 * Single lookup and result access.
 *
 * NOTE(review): searchfilter is accepted as a finished LDAP filter string
 * and nothing in this header indicates that it is escaped on the caller's
 * behalf.  Values that originate outside the trust boundary should be
 * escaped (RFC 4515) before they are placed in a filter -- confirm against
 * the implementation.
 *
 * NOTE(review): the lifetime of what adutils_getattr() and
 * adutils_getfirstentry() return relative to adutils_freeresult() is not
 * stated here; presumably they point into the result -- confirm before
 * holding them past the free.
 */
extern void adutils_freeresult(adutils_result_t **result);
extern adutils_rc adutils_lookup(adutils_ad_t *ad,
    const char *searchfilter,
    const char **attrs, const char *domain,
    adutils_result_t **result);
extern char **adutils_getattr(const adutils_entry_t *entry,
    const char *attrname);
extern const adutils_entry_t *adutils_getfirstentry(
    adutils_result_t *result);

/*
 * SID and BerValue conversions.
 *
 * adutils_txtsid2hexbinsid() writes into the caller's hexbinsid buffer;
 * hexbinsidlen is presumably the size of that buffer in bytes (see the
 * ADUTILS_MAXHEXBINSID note above) -- confirm, and check the int return
 * value before using the buffer contents.
 *
 * NOTE(review): ownership of the char * values returned by
 * adutils_bv_str(), adutils_bv_objsid2sidstr() and adutils_dn2dns() is not
 * stated in this header -- confirm whether the caller must free them.
 */
extern int adutils_txtsid2hexbinsid(const char *txt,
    const uint32_t *rid,
    char *hexbinsid, int hexbinsidlen);
extern char *adutils_bv_str(BerValue *bval);
extern boolean_t adutils_bv_uint(BerValue *bval, unsigned int *result);
extern char *adutils_bv_objsid2sidstr(BerValue *bval,
    uint32_t *rid);
extern void adutils_reap_idle_connections(void);
extern char *adutils_dn2dns(const char *dn);

/*
 * Batched lookups; the calling sequence is shown in the overview above.
 * The filter passed to adutils_lookup_batch_add() deserves the same care
 * as adutils_lookup()'s searchfilter: this header shows no escaping being
 * applied to it, so untrusted values should be escaped by whoever builds
 * the filter -- confirm against the implementation.
 *
 * Both adutils_lookup_batch_end() and adutils_lookup_batch_release() take
 * the state by address; per the example, exactly one of them is called
 * for a given batch.
 */
extern adutils_rc adutils_lookup_batch_start(adutils_ad_t *ad,
    int nqueries,
    adutils_ldap_res_search_cb ldap_res_search_cb,
    void *ldap_res_search_argp,
    adutils_query_state_t **state);
extern adutils_rc adutils_lookup_batch_add(adutils_query_state_t *state,
    const char *filter, const char * const *attrs,
    const char *edomain, adutils_result_t **result,
    adutils_rc *rc);
extern adutils_rc adutils_lookup_batch_end(
    adutils_query_state_t **state);
extern void adutils_lookup_batch_release(
    adutils_query_state_t **state);

/*
 * NOTE(review): the meaning of the int returned by the two check routines
 * (and of a zero vs. non-zero value) is not visible here -- confirm before
 * using either one as an authorization or trust decision.
 */
extern int adutils_lookup_check_domain(
    adutils_query_state_t *state,
    const char *domain);
extern int adutils_lookup_check_sid_prefix(
    adutils_query_state_t *state,
    const char *sid);

/* Install the logging callback; see adutils_logger above. */
extern void adutils_set_logger(adutils_logger logger);

/*
 * NOTE(review): presumably reports whether a and b name the same domain;
 * the comparison rules (case folding, trailing dot) are not visible in
 * this header -- confirm before relying on it for security decisions.
 */
extern boolean_t domain_eq(const char *a, const char *b);

#ifdef	__cplusplus
}
#endif

#endif	/* _LIBADUTILS_H */