1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
|
/*
* CDDL HEADER START
*
* The contents of this file are subject to the terms of the
* Common Development and Distribution License (the "License").
* You may not use this file except in compliance with the License.
*
* You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
* or http://www.opensolaris.org/os/licensing.
* See the License for the specific language governing permissions
* and limitations under the License.
*
* When distributing Covered Code, include this CDDL HEADER in each
* file and include the License file at usr/src/OPENSOLARIS.LICENSE.
* If applicable, add the following below this CDDL HEADER, with the
* fields enclosed by brackets "[]" replaced with your own identifying
* information: Portions Copyright [yyyy] [name of copyright owner]
*
* CDDL HEADER END
*/
/*
* Copyright (c) 2007, 2010, Oracle and/or its affiliates. All rights reserved.
*/
%#if defined(_KERNEL)
%#include <sys/nvpair.h>
%#else
%#include <libnvpair.h>
%#endif
/*
* XDR support for nvlist_t. libnvpair includes support for serializing
* an nvlist, but does not include any direct XDR plug-in support. Support
* is made trickier by the fact that on read xdr_pointer() wants to allocate
* structures on its own, even when there's a custom xdr_*() function for
* the structure. nvlist_unpack *also* wants to allocate the nvlist_t,
* and it seems wrong to burn sizeof(nvlist_t) into the program binary.
*
* Another possibility is to use opaque<> in this declaration, but that
* requires moving part of the encoding (the interaction with nvlist_pack
* and nvlist_unpack) out into the application, instead of keeping it
* all encapsulated in this layer.
*
* The resolution here is to put an nvlist_t * into a new typedef, and have
* *that* typedef have a custom xdr_*() function. xdr allocates space for
* the pointer, but leaves all initialization of it nvlist_t *) to the
* custom function.
*/
#if defined(RPC_HDR)
%typedef nvlist_t *nvlist_t_ptr;
#endif
#if defined(RPC_XDR)
%#if !defined(_KERNEL)
%#include <string.h>
%#include <stdio.h>
%#endif
%
%bool_t
%xdr_nvlist_t_ptr(XDR *xdrs, nvlist_t_ptr *n)
%{
% char *buf;
% u_int len;
% bool_t ret;
% int err;
% size_t sz;
% bool_t present;
%
% switch (xdrs->x_op) {
% case XDR_DECODE:
% if (!xdr_bool(xdrs, &present))
% return (FALSE);
% if (!present) {
% *n = NULL;
% return (TRUE);
% }
% buf = NULL;
% if (!xdr_bytes(xdrs, &buf, &len, ~0))
% return (FALSE);
%
% err = nvlist_unpack(buf, (size_t)len, n, 0);
%#if defined(_KERNEL)
% kmem_free(buf, len);
%#else
% free(buf);
%#endif
%
% if (err != 0) {
%#if !defined(_KERNEL)
% fprintf(stderr, "xdr_nvlist_t unpack: %s\n",
% strerror(err));
%#endif
% return (FALSE);
% }
% return (TRUE);
%
% case XDR_ENCODE:
% present = (*n != NULL);
% if (!xdr_bool(xdrs, &present))
% return (FALSE);
% if (!present)
% return (TRUE);
% buf = NULL;
% err = nvlist_pack(*n, &buf, &sz, NV_ENCODE_XDR, 0);
% if (err != 0) {
%#if !defined(_KERNEL)
% fprintf(stderr, "xdr_nvlist_t pack: %s\n",
% strerror(err));
%#endif
% return (FALSE);
% }
%
% /* nvlist_pack() and xdr_bytes() want different types */
% len = (u_int) sz;
%
% ret = xdr_bytes(xdrs, &buf, &len, ~0);
%#if defined(_KERNEL)
% kmem_free(buf, len);
%#else
% free(buf);
%#endif
%
% return (ret);
%
% case XDR_FREE:
% if (*n != NULL) {
% nvlist_free(*n);
% *n = NULL;
% }
% return (TRUE);
%
% default:
% return (FALSE);
% }
%}
#endif
/* opaque type to support non-ASCII strings */
typedef string idmap_utf8str<>;
typedef idmap_utf8str idmap_utf8str_list<>;
/* Return status */
typedef int idmap_retcode;
/* Identity types */
enum idmap_id_type {
IDMAP_NONE = 0,
IDMAP_UID = 1,
IDMAP_GID,
IDMAP_SID,
IDMAP_USID,
IDMAP_GSID,
IDMAP_POSIXID
};
/* The type of ID mapping */
enum idmap_map_type {
IDMAP_MAP_TYPE_UNKNOWN = 0,
IDMAP_MAP_TYPE_DS_AD,
IDMAP_MAP_TYPE_DS_NLDAP,
IDMAP_MAP_TYPE_RULE_BASED,
IDMAP_MAP_TYPE_EPHEMERAL,
IDMAP_MAP_TYPE_LOCAL_SID,
IDMAP_MAP_TYPE_KNOWN_SID,
IDMAP_MAP_TYPE_IDMU
};
/* Source of ID mapping */
enum idmap_map_src {
IDMAP_MAP_SRC_UNKNOWN = 0,
IDMAP_MAP_SRC_NEW,
IDMAP_MAP_SRC_CACHE,
IDMAP_MAP_SRC_HARD_CODED,
IDMAP_MAP_SRC_ALGORITHMIC
};
/* SID */
struct idmap_sid {
string prefix<>;
uint32_t rid;
};
/* Identity (sid-posix) */
union idmap_id switch(idmap_id_type idtype) {
case IDMAP_UID: uint32_t uid;
case IDMAP_GID: uint32_t gid;
case IDMAP_SID: idmap_sid sid;
case IDMAP_USID: idmap_sid usid;
case IDMAP_GSID: idmap_sid gsid;
case IDMAP_NONE: void;
case IDMAP_POSIXID: void;
};
/* Name-based mapping rules */
struct idmap_namerule {
bool is_user;
bool is_wuser;
int direction;
idmap_utf8str windomain;
idmap_utf8str winname;
idmap_utf8str unixname;
bool is_nt4;
};
struct idmap_namerules_res {
idmap_retcode retcode;
uint64_t lastrowid;
idmap_namerule rules<>;
};
/* How ID is mapped */
struct idmap_how_ds_based {
idmap_utf8str dn;
idmap_utf8str attr;
idmap_utf8str value;
};
union idmap_how switch(idmap_map_type map_type) {
case IDMAP_MAP_TYPE_UNKNOWN: void;
case IDMAP_MAP_TYPE_DS_AD: idmap_how_ds_based ad;
case IDMAP_MAP_TYPE_DS_NLDAP: idmap_how_ds_based nldap;
case IDMAP_MAP_TYPE_RULE_BASED: idmap_namerule rule;
case IDMAP_MAP_TYPE_EPHEMERAL: void;
case IDMAP_MAP_TYPE_LOCAL_SID: void;
case IDMAP_MAP_TYPE_KNOWN_SID: void;
case IDMAP_MAP_TYPE_IDMU: idmap_how_ds_based idmu;
};
struct idmap_info {
idmap_map_src src;
idmap_how how;
nvlist_t_ptr trace;
};
/* Id result */
struct idmap_id_res {
idmap_retcode retcode;
idmap_id id;
int direction;
idmap_info info;
};
struct idmap_ids_res {
idmap_retcode retcode;
idmap_id_res ids<>;
};
/*
* Flag supported by mapping requests
*/
/* Don't allocate a new value for the mapping */
const IDMAP_REQ_FLG_NO_NEW_ID_ALLOC = 0x00000001;
/* Validate the given identity before mapping */
const IDMAP_REQ_FLG_VALIDATE = 0x00000002;
/* Avoid name service lookups to prevent looping */
const IDMAP_REQ_FLG_NO_NAMESERVICE = 0x00000004;
/* Request how a mapping was formed */
const IDMAP_REQ_FLG_MAPPING_INFO = 0x00000008;
/*
* This libidmap only flag is defined in idmap.h
* It enables use of the libidmap cache
* const IDMAP_REQ_FLG_USE_CACHE = 0x00000010;
*/
/* Request mapping for well-known or local SIDs only */
const IDMAP_REQ_FLG_WK_OR_LOCAL_SIDS_ONLY = 0x00000020;
/* Request trace of mapping process */
const IDMAP_REQ_FLG_TRACE = 0x00000040;
/*
* Mapping direction definitions
*/
const IDMAP_DIRECTION_UNDEF = -1; /* not defined */
const IDMAP_DIRECTION_BI = 0; /* bi-directional */
const IDMAP_DIRECTION_W2U = 1; /* windows to unix only */
const IDMAP_DIRECTION_U2W = 2; /* unix to windows only */
/* Identity mappings (sid-posix) */
struct idmap_mapping {
int32_t flag;
int direction;
idmap_id id1;
idmap_utf8str id1domain;
idmap_utf8str id1name;
idmap_id id2;
idmap_utf8str id2domain;
idmap_utf8str id2name;
idmap_info info;
};
typedef idmap_mapping idmap_mapping_batch<>;
#ifndef IDMAP_XDR_MAPPING_ONLY
struct idmap_mappings_res {
idmap_retcode retcode;
uint64_t lastrowid;
idmap_mapping mappings<>;
};
/* Update result */
struct idmap_update_res {
idmap_retcode retcode;
int64_t error_index;
idmap_namerule error_rule;
idmap_namerule conflict_rule;
};
/* Update requests */
enum idmap_opnum {
OP_NONE = 0,
OP_ADD_NAMERULE = 1,
OP_RM_NAMERULE = 2,
OP_FLUSH_NAMERULES = 3
};
union idmap_update_op switch(idmap_opnum opnum) {
case OP_ADD_NAMERULE:
case OP_RM_NAMERULE:
idmap_namerule rule;
default:
void;
};
typedef idmap_update_op idmap_update_batch<>;
const AD_DISC_MAXHOSTNAME = 256;
struct idmap_ad_disc_ds_t {
int port;
int priority;
int weight;
char host[AD_DISC_MAXHOSTNAME];
};
/* get-prop, set-prop */
enum idmap_prop_type {
PROP_UNKNOWN = 0,
PROP_LIST_SIZE_LIMIT = 1,
PROP_DEFAULT_DOMAIN = 2, /* default domain name */
PROP_DOMAIN_NAME = 3, /* AD domain name */
PROP_MACHINE_SID = 4, /* machine sid */
PROP_DOMAIN_CONTROLLER = 5, /* domain controller hosts */
PROP_FOREST_NAME = 6, /* forest name */
PROP_SITE_NAME = 7, /* site name */
PROP_GLOBAL_CATALOG = 8, /* global catalog hosts */
PROP_AD_UNIXUSER_ATTR = 9,
PROP_AD_UNIXGROUP_ATTR = 10,
PROP_NLDAP_WINNAME_ATTR = 11,
PROP_DIRECTORY_BASED_MAPPING = 12
};
union idmap_prop_val switch(idmap_prop_type prop) {
case PROP_LIST_SIZE_LIMIT:
uint64_t intval;
case PROP_DEFAULT_DOMAIN:
case PROP_DOMAIN_NAME:
case PROP_MACHINE_SID:
case PROP_FOREST_NAME:
case PROP_SITE_NAME:
case PROP_AD_UNIXUSER_ATTR:
case PROP_AD_UNIXGROUP_ATTR:
case PROP_NLDAP_WINNAME_ATTR:
case PROP_DIRECTORY_BASED_MAPPING:
idmap_utf8str utf8val;
case PROP_DOMAIN_CONTROLLER:
case PROP_GLOBAL_CATALOG:
idmap_ad_disc_ds_t dsval;
default:
void;
};
struct idmap_prop_res {
idmap_retcode retcode;
idmap_prop_val value;
bool auto_discovered;
};
enum idmap_flush_op {
IDMAP_FLUSH_EXPIRE = 0,
IDMAP_FLUSH_DELETE = 1
};
/*
* Represents an error from the directory lookup service.
*
* code is an ASCII string that is a key for the error. It is not
* localized.
*
* fmt is a format string with %n markers for where to include
* params[n-1]. It should be, but NEEDSWORK is not localized to
* the caller's locale.
*
* params is a list of parameters for the error - e.g. the name that
* encountered a failure, the server that reported the failure, et cetera.
* The values are to be used both as marked in fmt and for machine
* interpretation of the error.
*/
struct directory_error_rpc {
idmap_utf8str code;
idmap_utf8str fmt;
idmap_utf8str params<>;
};
/*
* One value of a multivalued attribute.
*/
typedef opaque directory_value_rpc<>;
/*
* The value of an attribute, if found. Note that this is a list
* of directory_value_rpc objects, to support multivalued attributes.
*/
union directory_values_rpc switch (bool found) {
case TRUE:
directory_value_rpc values<>;
case FALSE:
void;
};
/*
* The status of the lookup for any particular identifier.
*/
enum directory_lookup_status_rpc {
DIRECTORY_NOT_FOUND = 0,
DIRECTORY_FOUND = 1,
DIRECTORY_ERROR = 2
};
/*
* This is the data returned for a particular identifier, either a
* list of attribute values or an error.
*/
union directory_entry_rpc switch (directory_lookup_status_rpc status) {
case DIRECTORY_NOT_FOUND:
void;
case DIRECTORY_FOUND:
directory_values_rpc attrs<>;
case DIRECTORY_ERROR:
directory_error_rpc err;
};
/*
* This is the result from a request, either a list of the entries for
* the identifiers specified, or an error.
*/
union directory_results_rpc switch (bool failed) {
case TRUE:
directory_error_rpc err;
case FALSE:
directory_entry_rpc entries<>;
};
#endif /* IDMAP_XDR_MAPPING_ONLY */
program IDMAP_PROG {
version IDMAP_V1 {
#ifndef IDMAP_XDR_MAPPING_ONLY
void
IDMAP_NULL(void) = 0;
#endif /* IDMAP_XDR_MAPPING_ONLY */
/* Batch of requests to get mapped identities */
idmap_ids_res
IDMAP_GET_MAPPED_IDS(idmap_mapping_batch batch) = 1;
#ifndef IDMAP_XDR_MAPPING_ONLY
/* List all identity mappings */
idmap_mappings_res
IDMAP_LIST_MAPPINGS(int64_t lastrowid,
uint64_t limit, int32_t flag) = 2;
/* List all name-based mapping rules */
idmap_namerules_res
IDMAP_LIST_NAMERULES(idmap_namerule rule,
uint64_t lastrowid, uint64_t limit) = 3;
/* Batch of update requests */
idmap_update_res
IDMAP_UPDATE(idmap_update_batch batch) = 4;
/* Get mapped identity by name */
idmap_mappings_res
IDMAP_GET_MAPPED_ID_BY_NAME(idmap_mapping request) = 5;
/* Get configuration property */
idmap_prop_res
IDMAP_GET_PROP(idmap_prop_type) = 6;
/*
* Retrieve directory information about a list of users
* or groups by name or SID.
*
* ids is a list of user names, group names, or SIDs.
*
* types is a list of types of the ids in the id list.
* If the type list is shorter than the id list, the last
* type listed applies to all of the ids from that point.
* The defined types are:
* 'n' - name (could be user or group)
* 'u' - user
* 'g' - group
* 's' - SID
*
* attrs is a list of attribute names to retrieve.
*/
directory_results_rpc DIRECTORY_GET_COMMON(
idmap_utf8str_list ids,
idmap_utf8str types,
idmap_utf8str_list attrs) = 7;
idmap_retcode
IDMAP_FLUSH(idmap_flush_op) = 8;
#endif /* IDMAP_XDR_MAPPING_ONLY */
} = 1;
} = 100172;
|
