/*
 * CDDL HEADER START
 *
 * The contents of this file are subject to the terms of the
 * Common Development and Distribution License (the "License").
 * You may not use this file except in compliance with the License.
 *
 * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
 * or http://www.opensolaris.org/os/licensing.
 * See the License for the specific language governing permissions
 * and limitations under the License.
 *
 * When distributing Covered Code, include this CDDL HEADER in each
 * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
 * If applicable, add the following below this CDDL HEADER, with the
 * fields enclosed by brackets "[]" replaced with your own identifying
 * information: Portions Copyright [yyyy] [name of copyright owner]
 *
 * CDDL HEADER END
 */
/*
 * Copyright 2009 Sun Microsystems, Inc. All rights reserved.
 * Use is subject to license terms.
 */

/*
 * rpcgen/XDR interface definition for the idmap RPC service
 * (program IDMAP_PROG, version IDMAP_V1, declared at the bottom of
 * this file).  Everything in here is wire format: field order, union
 * arms, and the numeric values of enums and constants are part of the
 * protocol and are not free to change without a protocol version bump.
 *
 * NOTE(review): every string and list below is declared with an
 * unbounded "<>" length.  The generated XDR decoder therefore accepts
 * whatever element count the peer sends, bounded only by the transport's
 * message size; a server handling untrusted requests should enforce its
 * own limits on batch and list sizes before doing per-element work.
 */

/* opaque type to support non-ASCII strings */
typedef string idmap_utf8str<>;
typedef idmap_utf8str idmap_utf8str_list<>;

/* Return status */
typedef int idmap_retcode;

/*
 * Identity types.  Also the discriminant of the idmap_id union below;
 * every value listed here has an arm there.
 */
enum idmap_id_type {
	IDMAP_NONE = 0,
	IDMAP_UID = 1,
	IDMAP_GID,
	IDMAP_SID,
	IDMAP_USID,
	IDMAP_GSID,
	IDMAP_POSIXID
};

/*
 * The type of ID mapping.  Discriminant of the idmap_how union below;
 * every value listed here has an arm there.
 */
enum idmap_map_type {
	IDMAP_MAP_TYPE_UNKNOWN = 0,
	IDMAP_MAP_TYPE_DS_AD,
	IDMAP_MAP_TYPE_DS_NLDAP,
	IDMAP_MAP_TYPE_RULE_BASED,
	IDMAP_MAP_TYPE_EPHEMERAL,
	IDMAP_MAP_TYPE_LOCAL_SID,
	IDMAP_MAP_TYPE_KNOWN_SID
};


/* Source of ID mapping */
enum idmap_map_src {
	IDMAP_MAP_SRC_UNKNOWN = 0,
	IDMAP_MAP_SRC_NEW,
	IDMAP_MAP_SRC_CACHE,
	IDMAP_MAP_SRC_HARD_CODED,
	IDMAP_MAP_SRC_ALGORITHMIC
};


/*
 * SID, split into its textual prefix and the final sub-authority (RID).
 * NOTE(review): presumably prefix is the "S-1-..." text without the
 * trailing RID; confirm against the encoder before relying on that.
 */
struct idmap_sid {
	string prefix<>;
	uint32_t rid;
};

/*
 * Identity (sid-posix).
 *
 * There is no default arm, so with rpcgen-generated code a discriminant
 * outside idmap_id_type fails to decode rather than being accepted
 * silently.  IDMAP_NONE and IDMAP_POSIXID carry no payload.
 */
union idmap_id switch(idmap_id_type idtype) {
	case IDMAP_UID: uint32_t uid;
	case IDMAP_GID: uint32_t gid;
	case IDMAP_SID: idmap_sid sid;
	case IDMAP_USID: idmap_sid usid;
	case IDMAP_GSID: idmap_sid gsid;
	case IDMAP_NONE: void;
	case IDMAP_POSIXID: void;
};


/*
 * Name-based mapping rules.
 *
 * direction is meant to hold one of the IDMAP_DIRECTION_* constants
 * defined further down; XDR does not range-check a plain int, so the
 * receiving side must validate it.
 * NOTE(review): is_user / is_wuser presumably say whether the Unix and
 * Windows sides of the rule are users rather than groups, and is_nt4
 * presumably marks an NT4-style name form -- confirm against the daemon.
 */
struct idmap_namerule {
	bool is_user;
	bool is_wuser;
	int direction;
	idmap_utf8str windomain;
	idmap_utf8str winname;
	idmap_utf8str unixname;
	bool is_nt4;
};
/*
 * Result of IDMAP_LIST_NAMERULES.  lastrowid is presumably the paging
 * cursor to hand back on the next IDMAP_LIST_NAMERULES call -- verify.
 */
struct idmap_namerules_res {
	idmap_retcode retcode;
	uint64_t lastrowid;
	idmap_namerule rules<>;
};

/*
 * How ID is mapped.  For directory-based mappings: the entry (dn),
 * attribute and value that the mapping was derived from.
 */
struct idmap_how_ds_based {
	idmap_utf8str dn;
	idmap_utf8str attr;
	idmap_utf8str value;
};

/*
 * No default arm: a map_type outside idmap_map_type fails to decode
 * with rpcgen-generated code.
 */
union idmap_how switch(idmap_map_type map_type) {
	case IDMAP_MAP_TYPE_UNKNOWN: void;
	case IDMAP_MAP_TYPE_DS_AD: idmap_how_ds_based ad;
	case IDMAP_MAP_TYPE_DS_NLDAP: idmap_how_ds_based nldap;
	case IDMAP_MAP_TYPE_RULE_BASED: idmap_namerule rule;
	case IDMAP_MAP_TYPE_EPHEMERAL: void;
	case IDMAP_MAP_TYPE_LOCAL_SID: void;
	case IDMAP_MAP_TYPE_KNOWN_SID: void;
};

/* Provenance of a mapping: where it came from and how it was formed */
struct idmap_info {
	idmap_map_src src;
	idmap_how how;
};


/* Id result (one element of an IDMAP_GET_MAPPED_IDS reply) */
struct idmap_id_res {
	idmap_retcode retcode;
	idmap_id id;
	int direction;
	idmap_info info;
};
/* Reply to IDMAP_GET_MAPPED_IDS: one idmap_id_res per request in the batch */
struct idmap_ids_res {
	idmap_retcode retcode;
	idmap_id_res ids<>;
};


/*
 * Flag supported by mapping requests
 *
 * These are bit values OR'ed into a request's flag word; unknown bits
 * are not rejected by the decoder, so the server must ignore or reject
 * them explicitly.
 */

/* Don't allocate a new value for the mapping */
const IDMAP_REQ_FLG_NO_NEW_ID_ALLOC = 0x00000001;

/* Validate the given identity before mapping */
const IDMAP_REQ_FLG_VALIDATE = 0x00000002;

/* Avoid name service lookups to prevent looping */
const IDMAP_REQ_FLG_NO_NAMESERVICE = 0x00000004;

/* Request how a mapping was formed */
const IDMAP_REQ_FLG_MAPPING_INFO = 0x00000008;

/*
 * This libidmap only flag is defined in idmap.h
 * It enables use of the libidmap cache
 * const IDMAP_REQ_FLG_USE_CACHE = 0x00000010;
 */
/* 0x10 is presumably left unassigned here so the two flag spaces do not collide. */

/* Request mapping for well-known or local SIDs only */
const IDMAP_REQ_FLG_WK_OR_LOCAL_SIDS_ONLY = 0x00000020;


/*
 * Mapping direction definitions
 * (values carried in the "direction" int fields of idmap_namerule,
 * idmap_id_res and idmap_mapping)
 */
const IDMAP_DIRECTION_UNDEF = -1; /* not defined */
const IDMAP_DIRECTION_BI = 0; /* bi-directional */
const IDMAP_DIRECTION_W2U = 1; /* windows to unix only */
const IDMAP_DIRECTION_U2W = 2; /* unix to windows only */


/*
 * Identity mappings (sid-posix).
 *
 * flag presumably carries IDMAP_REQ_FLG_* bits when used as a request
 * (IDMAP_GET_MAPPED_IDS, IDMAP_GET_MAPPED_ID_BY_NAME); id1/id2 are the
 * two ends of the mapping with their optional domain and name text.
 */
struct idmap_mapping {
	int32_t flag;
	int direction;
	idmap_id id1;
	idmap_utf8str id1domain;
	idmap_utf8str id1name;
	idmap_id id2;
	idmap_utf8str id2domain;
	idmap_utf8str id2name;
	idmap_info info;
};

/* Argument of IDMAP_GET_MAPPED_IDS: unbounded list of mapping requests */
typedef idmap_mapping idmap_mapping_batch<>;

/* Reply to IDMAP_LIST_MAPPINGS and IDMAP_GET_MAPPED_ID_BY_NAME */
struct idmap_mappings_res {
	idmap_retcode retcode;
	uint64_t lastrowid;
	idmap_mapping mappings<>;
};


/*
 * Update result.
 * error_index presumably identifies the offending entry in the
 * idmap_update_batch (note it is signed, so a "none" sentinel is
 * possible) -- confirm the convention with the server code.
 */
struct idmap_update_res {
	idmap_retcode retcode;
	int64_t error_index;
	idmap_namerule error_rule;
	idmap_namerule conflict_rule;
};

/* Update requests */
enum idmap_opnum {
	OP_NONE = 0,
	OP_ADD_NAMERULE = 1,
	OP_RM_NAMERULE = 2,
	OP_FLUSH_NAMERULES = 3
};
/*
 * One update operation.  Only the add/remove ops carry a rule; the
 * default arm means OP_NONE, OP_FLUSH_NAMERULES and any unknown opnum
 * decode with no payload, so unknown opnums must be rejected by the
 * server, not the decoder.
 */
union idmap_update_op switch(idmap_opnum opnum) {
	case OP_ADD_NAMERULE:
	case OP_RM_NAMERULE:
		idmap_namerule rule;
	default:
		void;
};
typedef idmap_update_op idmap_update_batch<>;

const AD_DISC_MAXHOSTNAME = 256;

/* Configuration-property support; omitted from the kernel build. */
#ifndef _KERNEL
/*
 * One discovered directory server.  port/priority/weight presumably
 * mirror DNS SRV record fields.  host is a fixed-length XDR array of
 * exactly AD_DISC_MAXHOSTNAME chars: the wire format does not guarantee
 * a NUL terminator inside it, so consumers must bound reads to the
 * array size rather than treating it as a C string.
 */
struct idmap_ad_disc_ds_t {
	int port;
	int priority;
	int weight;
	char host[AD_DISC_MAXHOSTNAME];
};


/* get-prop, set-prop */
enum idmap_prop_type {
	PROP_UNKNOWN = 0,
	PROP_LIST_SIZE_LIMIT = 1,
	PROP_DEFAULT_DOMAIN = 2, /* default domain name */
	PROP_DOMAIN_NAME = 3, /* AD domain name */
	PROP_MACHINE_SID = 4, /* machine sid */
	PROP_DOMAIN_CONTROLLER = 5, /* domain controller hosts */
	PROP_FOREST_NAME = 6, /* forest name */
	PROP_SITE_NAME = 7, /* site name */
	PROP_GLOBAL_CATALOG = 8, /* global catalog hosts */
	PROP_AD_UNIXUSER_ATTR = 9,
	PROP_AD_UNIXGROUP_ATTR = 10,
	PROP_NLDAP_WINNAME_ATTR = 11,
	PROP_DS_NAME_MAPPING_ENABLED = 12
};

/*
 * Property value, typed by the property.  PROP_UNKNOWN (and any
 * out-of-range prop) hits the default arm and carries nothing.
 */
union idmap_prop_val switch(idmap_prop_type prop) {
	case PROP_LIST_SIZE_LIMIT:
		uint64_t intval;
	case PROP_DEFAULT_DOMAIN:
	case PROP_DOMAIN_NAME:
	case PROP_MACHINE_SID:
	case PROP_FOREST_NAME:
	case PROP_SITE_NAME:
	case PROP_AD_UNIXUSER_ATTR:
	case PROP_AD_UNIXGROUP_ATTR:
	case PROP_NLDAP_WINNAME_ATTR:
		idmap_utf8str utf8val;
	case PROP_DS_NAME_MAPPING_ENABLED:
		bool boolval;
	case PROP_DOMAIN_CONTROLLER:
	case PROP_GLOBAL_CATALOG:
		idmap_ad_disc_ds_t dsval;
	default:
		void;
};

/* Reply to IDMAP_GET_PROP */
struct idmap_prop_res {
	idmap_retcode retcode;
	idmap_prop_val value;
	bool auto_discovered;
};
#endif

/*
 * Represents an error from the directory lookup service.
 *
 * code is an ASCII string that is a key for the error.  It is not
 * localized.
 *
 * fmt is a format string with %n markers for where to include
 * params[n-1].  It should be, but NEEDSWORK is not localized to
 * the caller's locale.
 *
 * params is a list of parameters for the error - e.g. the name that
 * encountered a failure, the server that reported the failure, et cetera.
 * The values are to be used both as marked in fmt and for machine
 * interpretation of the error.
 *
 * NOTE(review): the %n markers are this protocol's own substitution
 * scheme (n is a 1-based index into params), not printf conversions.
 * fmt arrives from the peer and must be expanded by a dedicated
 * substitution routine, never handed to a printf-family function as
 * its format argument.
 */
struct directory_error_rpc {
	idmap_utf8str code;
	idmap_utf8str fmt;
	idmap_utf8str params<>;
};

/*
 * One value of a multivalued attribute.
 * Raw bytes (XDR opaque): not necessarily text and not NUL-terminated.
 */
typedef opaque directory_value_rpc<>;

/*
 * The value of an attribute, if found.  Note that this is a list
 * of directory_value_rpc objects, to support multivalued attributes.
 */
union directory_values_rpc switch (bool found) {
	case TRUE:
		directory_value_rpc values<>;
	case FALSE:
		void;
};

/*
 * The status of the lookup for any particular identifier.
 */
enum directory_lookup_status_rpc {
	DIRECTORY_NOT_FOUND = 0,
	DIRECTORY_FOUND = 1,
	DIRECTORY_ERROR = 2
};

/*
 * This is the data returned for a particular identifier, either a
 * list of attribute values or an error.
 * attrs is presumably one entry per requested attribute, in the order
 * of the attrs argument to DIRECTORY_GET_COMMON -- verify.
 */
union directory_entry_rpc switch (directory_lookup_status_rpc status) {
	case DIRECTORY_NOT_FOUND:
		void;
	case DIRECTORY_FOUND:
		directory_values_rpc attrs<>;
	case DIRECTORY_ERROR:
		directory_error_rpc err;
};

/*
 * This is the result from a request, either a list of the entries for
 * the identifiers specified, or an error.
 */
union directory_results_rpc switch (bool failed) {
	case TRUE:
		directory_error_rpc err;
	case FALSE:
		directory_entry_rpc entries<>;
};

/*
 * The idmap service itself.  Procedures taking more than one argument
 * rely on rpcgen's newstyle (-N) calling convention.  IDMAP_GET_PROP
 * (proc 6) is absent from the kernel build, so the procedure numbers
 * around it are fixed and must not be renumbered.
 */
program IDMAP_PROG {
	version IDMAP_V1 {
		/* Conventional null procedure (liveness check) */
		void
		IDMAP_NULL(void) = 0;

		/* Batch of requests to get mapped identities */
		idmap_ids_res
		IDMAP_GET_MAPPED_IDS(idmap_mapping_batch batch) = 1;

		/* List all identity mappings */
		idmap_mappings_res
		IDMAP_LIST_MAPPINGS(int64_t lastrowid,
		    uint64_t limit, int32_t flag) = 2;

		/* List all name-based mapping rules */
		idmap_namerules_res
		IDMAP_LIST_NAMERULES(idmap_namerule rule,
		    uint64_t lastrowid, uint64_t limit) = 3;

		/* Batch of update requests */
		idmap_update_res
		IDMAP_UPDATE(idmap_update_batch batch) = 4;

		/* Get mapped identity by name */
		idmap_mappings_res
		IDMAP_GET_MAPPED_ID_BY_NAME(idmap_mapping request) = 5;

#ifndef _KERNEL
		/* Get configuration property */
		idmap_prop_res
		IDMAP_GET_PROP(idmap_prop_type) = 6;
#endif
		/*
		 * Retrieve directory information about a list of users
		 * or groups by name or SID.
		 *
		 * ids is a list of user names, group names, or SIDs.
		 *
		 * types is a list of types of the ids in the id list.
		 * If the type list is shorter than the id list, the last
		 * type listed applies to all of the ids from that point.
		 * The defined types are:
		 *   'n' - name (could be user or group)
		 *   'u' - user
		 *   'g' - group
		 *   's' - SID
		 *
		 * attrs is a list of attribute names to retrieve.
		 *
		 * NOTE(review): types is a single string, so an empty
		 * types with a non-empty ids list has no "last type" to
		 * apply; the server should treat that as a bad request.
		 */
		directory_results_rpc DIRECTORY_GET_COMMON(
		    idmap_utf8str_list ids,
		    idmap_utf8str types,
		    idmap_utf8str_list attrs) = 7;

	} = 1;
} = 100172;