/usr/include/dirsrv/winsync-plugin.h is in 389-ds-base-dev 1.3.7.10-1ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 | /** BEGIN COPYRIGHT BLOCK
* Copyright (C) 2008 Red Hat, Inc.
* All rights reserved.
*
* License: GPL (version 3 or any later version).
* See LICENSE for details.
* END COPYRIGHT BLOCK **/
#ifndef WINSYNC_PLUGIN_PUBLIC_API
#define WINSYNC_PLUGIN_PUBLIC_API
/* windows_private.c */
#include "slapi-plugin.h"
/*
* WinSync plug-in API
*/
#define WINSYNC_v1_0_GUID "CDA8F029-A3C6-4EBB-80B8-A2E183DB0481"
#define WINSYNC_v2_0_GUID "706B83AA-FC51-444A-ACC9-53DC73D641D4"
#define WINSYNC_v3_0_GUID "6D7C2E54-638C-4564-B53F-D9C5354DEBA0"
/*
* This callback is called when a winsync agreement is created.
* The ds_subtree and ad_subtree from the agreement are read-only.
* The callback can allocate some private data to return. If so
* the callback must define a winsync_plugin_destroy_agmt_cb so
* that the private data can be freed. This private data is passed
* to every other callback function as the void *cookie argument.
*/
typedef void *(*winsync_plugin_init_cb)(const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree);
#define WINSYNC_PLUGIN_INIT_CB 1
#define WINSYNC_PLUGIN_VERSION_1_BEGIN WINSYNC_PLUGIN_INIT_CB
/* agmt_dn - const - the original AD base dn from the winsync agreement
scope - set directly e.g. *scope = 42;
base, filter - malloced - to set, free first e.g.
slapi_ch_free_string(filter);
*base = slapi_ch_strdup("(objectclass=foobar)");
winsync code will use slapi_ch_free_string to free this value, so no static strings
attrs - NULL or null terminated array of strings - can use slapi_ch_array_add to add e.g.
slapi_ch_array_add(attrs, slapi_ch_strdup("myattr"));
attrs will be freed with slapi_ch_array_free, so caller must own the memory
serverctrls - NULL or null terminated array of LDAPControl* - can use slapi_add_control_ext to add
slapi_add_control_ext(serverctrls, mynewctrl, 1 / add a copy /);
serverctrls will be freed with ldap_controls_free, so caller must own memory
*/
typedef void (*winsync_search_params_cb)(void *cookie, const char *agmt_dn, char **base, int *scope, char **filter, char ***attrs, LDAPControl ***serverctrls);
#define WINSYNC_PLUGIN_DIRSYNC_SEARCH_CB 2 /* serverctrls will already contain the DirSync control */
#define WINSYNC_PLUGIN_PRE_AD_SEARCH_CB 3
#define WINSYNC_PLUGIN_PRE_DS_SEARCH_ENTRY_CB 4
#define WINSYNC_PLUGIN_PRE_DS_SEARCH_ALL_CB 5
/*
* These callbacks are the main entry points that allow the plugin
* to intercept modifications to local and remote entries.
* rawentry - the raw AD entry, read directly from AD - this is read only
* ad_entry - the "cooked" AD entry - the DN in this entry should be set
* when the operation is to modify the AD entry
* ds_entry - the entry from the ds - the DN in this entry should be set
* when the operation is to modify the DS entry
* smods - the post-processing modifications - these should be modified
* by the plugin as needed
* do_modify - if the code has some modifications that need to be applied, this
* will be set to true - if the plugin has added some items to smods
* this should be set to true - if the plugin has removed all of
* the smods, and no operation should be performed, this should
* be set to false
*/
typedef void (*winsync_pre_mod_cb)(void *cookie, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry, Slapi_Entry *ds_entry, Slapi_Mods *smods, int *do_modify);
#define WINSYNC_PLUGIN_PRE_AD_MOD_USER_CB 6
#define WINSYNC_PLUGIN_PRE_AD_MOD_GROUP_CB 7
#define WINSYNC_PLUGIN_PRE_DS_MOD_USER_CB 8
#define WINSYNC_PLUGIN_PRE_DS_MOD_GROUP_CB 9
/*
* These callbacks are called when a new entry is being added to the
* local directory server from AD.
* rawentry - the raw AD entry, read directly from AD - this is read only
* ad_entry - the "cooked" AD entry
* ds_entry - the entry to be added to the DS - all modifications should
* be made to this entry, including changing the DN if needed,
* since the DN of this entry will be used as the ADD target DN
* This entry will already have had the default schema mapping applied
*/
typedef void (*winsync_pre_add_cb)(void *cookie, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry, Slapi_Entry *ds_entry);
#define WINSYNC_PLUGIN_PRE_DS_ADD_USER_CB 10
#define WINSYNC_PLUGIN_PRE_DS_ADD_GROUP_CB 11
/*
* If a new entry has been added to AD, and we're sync'ing it over
* to the DS, we may need to create a new DN for the entry. The
* code tries to come up with a reasonable DN, but the plugin may
* have different ideas. These callbacks allow the plugin to specify
* what the new DN for the new entry should be. This is called from
* map_entry_dn_inbound which is called from various places where the DN for
* the new entry is needed. The winsync_plugin_call_pre_ds_add_* callbacks
* can also be used to set the DN just before the entry is stored in the DS.
* This is also used when we are mapping a dn valued attribute e.g. owner
* or secretary
* rawentry - the raw AD entry, read directly from AD - this is read only
* ad_entry - the "cooked" AD entry
* new_dn_string - the given value will be the default value created by the sync code
* to change it, slapi_ch_free_string first, then malloc the value to use
* ds_suffix - the suffix from the DS side of the sync agreement
* ad_suffix - the suffix from the AD side of the sync agreement
*/
typedef void (*winsync_get_new_dn_cb)(void *cookie, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry, char **new_dn_string, const Slapi_DN *ds_suffix, const Slapi_DN *ad_suffix);
#define WINSYNC_PLUGIN_GET_NEW_DS_USER_DN_CB 12
#define WINSYNC_PLUGIN_GET_NEW_DS_GROUP_DN_CB 13
/*
* These callbacks are called when a mod operation is going to be replayed
* to AD. This case is different than the pre add or pre mod callbacks
* above because in this context, we may only have the list of modifications
* and the DN to which the mods were applied.
* rawentry - the raw AD entry, read directly from AD - may be NULL
* local_dn - the original local DN used in the modification
* ds_entry - the current DS entry that has the operation nsUniqueID
* origmods - the original mod list
* remote_dn - this is the DN which will be used with the remote modify operation
* to AD - the winsync code may have already attempted to calculate its value
* modstosend - this is the list of modifications which will be sent - the winsync
* code will already have done its default mapping to these values
*
*/
typedef void (*winsync_pre_ad_mod_mods_cb)(void *cookie, const Slapi_Entry *rawentry, const Slapi_DN *local_dn, const Slapi_Entry *ds_entry, LDAPMod *const *origmods, Slapi_DN *remote_dn, LDAPMod ***modstosend);
#define WINSYNC_PLUGIN_PRE_AD_MOD_USER_MODS_CB 14
#define WINSYNC_PLUGIN_PRE_AD_MOD_GROUP_MODS_CB 15
/*
* Callbacks used to determine if an entry should be added to the
* AD side if it does not already exist.
* local_entry - the candidate entry to test
* remote_DN - the candidate remote entry to add
*/
typedef int (*winsync_can_add_to_ad_cb)(void *cookie, const Slapi_Entry *local_entry, const Slapi_DN *remote_dn);
#define WINSYNC_PLUGIN_CAN_ADD_ENTRY_TO_AD_CB 16
/*
* Callbacks called at begin and end of update
*
* The ds subtree and the ad subtree from the sync agreement are passed in.
* These are read only.
* is_total will be true if this is a total update, or false if this
* is an incremental update
*/
typedef void (*winsync_plugin_update_cb)(void *cookie, const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree, int is_total);
#define WINSYNC_PLUGIN_BEGIN_UPDATE_CB 17
#define WINSYNC_PLUGIN_END_UPDATE_CB 18
/*
* Callbacks called when the agreement is destroyed.
*
* The ds subtree and the ad subtree from the sync agreement are passed in.
* These are read only.
* The plugin must define this function to free the cookie allocated
* in the init function, if any.
*/
typedef void (*winsync_plugin_destroy_agmt_cb)(void *cookie, const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree);
#define WINSYNC_PLUGIN_DESTROY_AGMT_CB 19
#define WINSYNC_PLUGIN_VERSION_1_END WINSYNC_PLUGIN_DESTROY_AGMT_CB
/* Functions added for API version 2.0 */
/*
* These callbacks are called after a modify operation. They are called upon both
* success and failure of the modify operation. The plugin is responsible for
* looking at the result code of the modify to decide what action to take. The
* plugin may change the result code e.g. to force an error for an otherwise
* successful operation, or to ignore certain errors.
* rawentry - the raw AD entry, read directly from AD - this is read only
* ad_entry - the "cooked" AD entry - the entry passed to the pre_mod callback
* ds_entry - the entry from the ds - the DS entry passed to the pre_mod callback
* smods - the mods used in the modify operation
* result - the result code from the modify operation - the plugin can change this
*/
typedef void (*winsync_post_mod_cb)(void *cookie, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry, Slapi_Entry *ds_entry, Slapi_Mods *smods, int *result);
#define WINSYNC_PLUGIN_POST_AD_MOD_USER_CB 20
#define WINSYNC_PLUGIN_POST_AD_MOD_GROUP_CB 21
#define WINSYNC_PLUGIN_POST_DS_MOD_USER_CB 22
#define WINSYNC_PLUGIN_POST_DS_MOD_GROUP_CB 23
#define WINSYNC_PLUGIN_VERSION_2_BEGIN WINSYNC_PLUGIN_POST_AD_MOD_USER_CB
/*
* These callbacks are called after an attempt to add a new entry to the
* local directory server from AD. They are called upon success or failure
* of the add attempt. The result code tells if the operation succeeded.
* The plugin may change the result code e.g. to force an error for an
* otherwise successful operation, or to ignore certain errors.
* rawentry - the raw AD entry, read directly from AD - this is read only
* ad_entry - the "cooked" AD entry
* ds_entry - the entry attempted to be added to the DS
* result - the result code from the add operation - plugin may change this
*/
typedef void (*winsync_post_add_cb)(void *cookie, const Slapi_Entry *rawentry, Slapi_Entry *ad_entry, Slapi_Entry *ds_entry, int *result);
#define WINSYNC_PLUGIN_POST_DS_ADD_USER_CB 24
#define WINSYNC_PLUGIN_POST_DS_ADD_GROUP_CB 25
/*
* These callbacks are called when a new entry is being added to AD from
* the local directory server.
* ds_entry - the local DS entry
* ad_entry - the entry to be added to AD - all modifications should
* be made to this entry, including changing the DN if needed,
* since the DN of this entry will be used as the ADD target DN
* This entry will already have had the default schema mapping applied
*/
typedef void (*winsync_pre_ad_add_cb)(void *cookie, Slapi_Entry *ds_entry, Slapi_Entry *ad_entry);
#define WINSYNC_PLUGIN_PRE_AD_ADD_USER_CB 26
#define WINSYNC_PLUGIN_PRE_AD_ADD_GROUP_CB 27
/*
* These callbacks are called after an attempt to add a new entry to AD from
* the local directory server. They are called upon success or failure
* of the add attempt. The result code tells if the operation succeeded.
* The plugin may change the result code e.g. to force an error for an
* otherwise successful operation, or to ignore certain errors.
* ad_entry - the AD entry
* ds_entry - the DS entry
* result - the result code from the add operation - plugin may change this
*/
typedef void (*winsync_post_ad_add_cb)(void *cookie, Slapi_Entry *ds_entry, Slapi_Entry *ad_entry, int *result);
#define WINSYNC_PLUGIN_POST_AD_ADD_USER_CB 28
#define WINSYNC_PLUGIN_POST_AD_ADD_GROUP_CB 29
/*
* These callbacks are called after a mod operation has been replayed
* to AD. This case is different than the pre add or pre mod callbacks
* above because in this context, we may only have the list of modifications
* and the DN to which the mods were applied. If the plugin wants the modified
* entry, the plugin can search for it from AD. The plugin is called upon
* success or failure of the modify operation. The result parameter gives
* the ldap result code of the operation. The plugin may change the result code
* e.g. to force an error for an otherwise successful operation, or to ignore
* certain errors.
* rawentry - the raw AD entry, read directly from AD - may be NULL
* local_dn - the original local DN used in the modification
* ds_entry - the current DS entry that has the operation nsUniqueID
* origmods - the original mod list
* remote_dn - the DN of the AD entry
* modstosend - the mods sent to AD
* result - the result code of the modify operation
*
*/
typedef void (*winsync_post_ad_mod_mods_cb)(void *cookie, const Slapi_Entry *rawentry, const Slapi_DN *local_dn, const Slapi_Entry *ds_entry, LDAPMod *const *origmods, Slapi_DN *remote_dn, LDAPMod **modstosend, int *result);
#define WINSYNC_PLUGIN_POST_AD_MOD_USER_MODS_CB 30
#define WINSYNC_PLUGIN_POST_AD_MOD_GROUP_MODS_CB 31
#define WINSYNC_PLUGIN_VERSION_2_END WINSYNC_PLUGIN_POST_AD_MOD_GROUP_MODS_CB
typedef int (*winsync_plugin_precedence_cb)(void);
#define WINSYNC_PLUGIN_PRECEDENCE_CB 32
#define WINSYNC_PLUGIN_VERSION_3_END WINSYNC_PLUGIN_PRECEDENCE_CB
/* precedence works like regular slapi plugin precedence */
#define WINSYNC_PLUGIN_DEFAULT_PRECEDENCE 50
#endif /* WINSYNC_PLUGIN_PUBLIC_API */
|