Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

source: branches/samba-3.5.x/nsswitch/libwbclient/wbclient.h@ 940

Visit:

Last change on this file since 940 was 414, checked in by Herwig Bauernfeind, 15 years ago
Samba 3.5.0: Initial import
File size: 32.1 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3
4	Winbind client API
5
6	Copyright (C) Gerald (Jerry) Carter 2007
7	Copyright (C) Volker Lendecke 2009
8
9	This library is free software; you can redistribute it and/or
10	modify it under the terms of the GNU Lesser General Public
11	License as published by the Free Software Foundation; either
12	version 3 of the License, or (at your option) any later version.
13
14	This library is distributed in the hope that it will be useful,
15	but WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17	Library General Public License for more details.
18
19	You should have received a copy of the GNU Lesser General Public License
20	along with this program. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	#ifndef _WBCLIENT_H
24	#define _WBCLIENT_H
25
26	#include <pwd.h>
27	#include <grp.h>
28
29	/* Define error types */
30
31	/**
32	* @brief Status codes returned from wbc functions
33	**/
34
35	enum _wbcErrType {
36	WBC_ERR_SUCCESS = 0, /< Successful completion /
37	WBC_ERR_NOT_IMPLEMENTED,/< Function not implemented /
38	WBC_ERR_UNKNOWN_FAILURE,/< General failure /
39	WBC_ERR_NO_MEMORY, /< Memory allocation error /
40	WBC_ERR_INVALID_SID, /< Invalid SID format /
41	WBC_ERR_INVALID_PARAM, /< An Invalid parameter was supplied /
42	WBC_ERR_WINBIND_NOT_AVAILABLE, /< Winbind daemon is not available /
43	WBC_ERR_DOMAIN_NOT_FOUND, /< Domain is not trusted or cannot be found /
44	WBC_ERR_INVALID_RESPONSE, /< Winbind returned an invalid response /
45	WBC_ERR_NSS_ERROR, /< NSS_STATUS error /
46	WBC_ERR_AUTH_ERROR, /< Authentication failed /
47	WBC_ERR_UNKNOWN_USER, /*< User account cannot be found /
48	WBC_ERR_UNKNOWN_GROUP, /*< Group account cannot be found /
49	WBC_ERR_PWD_CHANGE_FAILED /*< Password Change has failed /
50	};
51
52	typedef enum _wbcErrType wbcErr;
53
54	#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
55
56	const char *wbcErrorString(wbcErr error);
57
58	/**
59	* @brief Some useful details about the wbclient library
60	*
61	* 0.1: Initial version
62	* 0.2: Added wbcRemoveUidMapping()
63	* Added wbcRemoveGidMapping()
64	* 0.3: Added wbcGetpwsid()
65	* Added wbcGetSidAliases()
66	* 0.4: Added wbcSidTypeString()
67	* 0.5: Added wbcChangeTrustCredentials()
68	**/
69	#define WBCLIENT_MAJOR_VERSION 0
70	#define WBCLIENT_MINOR_VERSION 5
71	#define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
72	struct wbcLibraryDetails {
73	uint16_t major_version;
74	uint16_t minor_version;
75	const char *vendor_version;
76	};
77
78	/**
79	* @brief Some useful details about the running winbindd
80	*
81	**/
82	struct wbcInterfaceDetails {
83	uint32_t interface_version;
84	const char *winbind_version;
85	char winbind_separator;
86	const char *netbios_name;
87	const char *netbios_domain;
88	const char *dns_domain;
89	};
90
91	/*
92	* Data types used by the Winbind Client API
93	*/
94
95	#ifndef WBC_MAXSUBAUTHS
96	#define WBC_MAXSUBAUTHS 15 /* max sub authorities in a SID */
97	#endif
98
99	/**
100	* @brief Windows Security Identifier
101	*
102	**/
103
104	struct wbcDomainSid {
105	uint8_t sid_rev_num;
106	uint8_t num_auths;
107	uint8_t id_auth[6];
108	uint32_t sub_auths[WBC_MAXSUBAUTHS];
109	};
110
111	/**
112	* @brief Security Identifier type
113	**/
114
115	enum wbcSidType {
116	WBC_SID_NAME_USE_NONE=0,
117	WBC_SID_NAME_USER=1,
118	WBC_SID_NAME_DOM_GRP=2,
119	WBC_SID_NAME_DOMAIN=3,
120	WBC_SID_NAME_ALIAS=4,
121	WBC_SID_NAME_WKN_GRP=5,
122	WBC_SID_NAME_DELETED=6,
123	WBC_SID_NAME_INVALID=7,
124	WBC_SID_NAME_UNKNOWN=8,
125	WBC_SID_NAME_COMPUTER=9
126	};
127
128	/**
129	* @brief Security Identifier with attributes
130	**/
131
132	struct wbcSidWithAttr {
133	struct wbcDomainSid sid;
134	uint32_t attributes;
135	};
136
137	/* wbcSidWithAttr->attributes */
138
139	#define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001
140	#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002
141	#define WBC_SID_ATTR_GROUP_ENABLED 0x00000004
142	#define WBC_SID_ATTR_GROUP_OWNER 0x00000008
143	#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010
144	#define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000
145	#define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000
146
147	/**
148	* @brief Windows GUID
149	*
150	**/
151
152	struct wbcGuid {
153	uint32_t time_low;
154	uint16_t time_mid;
155	uint16_t time_hi_and_version;
156	uint8_t clock_seq[2];
157	uint8_t node[6];
158	};
159
160	/**
161	* @brief Domain Information
162	**/
163
164	struct wbcDomainInfo {
165	char *short_name;
166	char *dns_name;
167	struct wbcDomainSid sid;
168	uint32_t domain_flags;
169	uint32_t trust_flags;
170	uint32_t trust_type;
171	};
172
173	/* wbcDomainInfo->domain_flags */
174
175	#define WBC_DOMINFO_DOMAIN_UNKNOWN 0x00000000
176	#define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001
177	#define WBC_DOMINFO_DOMAIN_AD 0x00000002
178	#define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004
179	#define WBC_DOMINFO_DOMAIN_OFFLINE 0x00000008
180
181	/* wbcDomainInfo->trust_flags */
182
183	#define WBC_DOMINFO_TRUST_TRANSITIVE 0x00000001
184	#define WBC_DOMINFO_TRUST_INCOMING 0x00000002
185	#define WBC_DOMINFO_TRUST_OUTGOING 0x00000004
186
187	/* wbcDomainInfo->trust_type */
188
189	#define WBC_DOMINFO_TRUSTTYPE_NONE 0x00000000
190	#define WBC_DOMINFO_TRUSTTYPE_FOREST 0x00000001
191	#define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002
192	#define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003
193
194
195	/**
196	* @brief Auth User Parameters
197	**/
198
199	struct wbcAuthUserParams {
200	const char *account_name;
201	const char *domain_name;
202	const char *workstation_name;
203
204	uint32_t flags;
205
206	uint32_t parameter_control;
207
208	enum wbcAuthUserLevel {
209	WBC_AUTH_USER_LEVEL_PLAIN = 1,
210	WBC_AUTH_USER_LEVEL_HASH = 2,
211	WBC_AUTH_USER_LEVEL_RESPONSE = 3
212	} level;
213	union {
214	const char *plaintext;
215	struct {
216	uint8_t nt_hash[16];
217	uint8_t lm_hash[16];
218	} hash;
219	struct {
220	uint8_t challenge[8];
221	uint32_t nt_length;
222	uint8_t *nt_data;
223	uint32_t lm_length;
224	uint8_t *lm_data;
225	} response;
226	} password;
227	};
228
229	/**
230	* @brief Generic Blob
231	**/
232
233	struct wbcBlob {
234	uint8_t *data;
235	size_t length;
236	};
237
238	/**
239	* @brief Named Blob
240	**/
241
242	struct wbcNamedBlob {
243	const char *name;
244	uint32_t flags;
245	struct wbcBlob blob;
246	};
247
248	/**
249	* @brief Logon User Parameters
250	**/
251
252	struct wbcLogonUserParams {
253	const char *username;
254	const char *password;
255	size_t num_blobs;
256	struct wbcNamedBlob *blobs;
257	};
258
259	/**
260	* @brief ChangePassword Parameters
261	**/
262
263	struct wbcChangePasswordParams {
264	const char *account_name;
265	const char *domain_name;
266
267	uint32_t flags;
268
269	enum wbcChangePasswordLevel {
270	WBC_CHANGE_PASSWORD_LEVEL_PLAIN = 1,
271	WBC_CHANGE_PASSWORD_LEVEL_RESPONSE = 2
272	} level;
273
274	union {
275	const char *plaintext;
276	struct {
277	uint32_t old_nt_hash_enc_length;
278	uint8_t *old_nt_hash_enc_data;
279	uint32_t old_lm_hash_enc_length;
280	uint8_t *old_lm_hash_enc_data;
281	} response;
282	} old_password;
283	union {
284	const char *plaintext;
285	struct {
286	uint32_t nt_length;
287	uint8_t *nt_data;
288	uint32_t lm_length;
289	uint8_t *lm_data;
290	} response;
291	} new_password;
292	};
293
294	/* wbcAuthUserParams->parameter_control */
295
296	#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002
297	#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004
298	#define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008
299	#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020
300	#define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200
301	#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800
302
303	/* wbcAuthUserParams->flags */
304
305	#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001
306
307	/**
308	* @brief Auth User Information
309	*
310	* Some of the strings are maybe NULL
311	**/
312
313	struct wbcAuthUserInfo {
314	uint32_t user_flags;
315
316	char *account_name;
317	char *user_principal;
318	char *full_name;
319	char *domain_name;
320	char *dns_domain_name;
321
322	uint32_t acct_flags;
323	uint8_t user_session_key[16];
324	uint8_t lm_session_key[8];
325
326	uint16_t logon_count;
327	uint16_t bad_password_count;
328
329	uint64_t logon_time;
330	uint64_t logoff_time;
331	uint64_t kickoff_time;
332	uint64_t pass_last_set_time;
333	uint64_t pass_can_change_time;
334	uint64_t pass_must_change_time;
335
336	char *logon_server;
337	char *logon_script;
338	char *profile_path;
339	char *home_directory;
340	char *home_drive;
341
342	/*
343	* the 1st one is the account sid
344	* the 2nd one is the primary_group sid
345	* followed by the rest of the groups
346	*/
347	uint32_t num_sids;
348	struct wbcSidWithAttr *sids;
349	};
350
351	/**
352	* @brief Logon User Information
353	*
354	* Some of the strings are maybe NULL
355	**/
356
357	struct wbcLogonUserInfo {
358	struct wbcAuthUserInfo *info;
359	size_t num_blobs;
360	struct wbcNamedBlob *blobs;
361	};
362
363	/* wbcAuthUserInfo->user_flags */
364
365	#define WBC_AUTH_USER_INFO_GUEST 0x00000001
366	#define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002
367	#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004
368	#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008
369	#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020
370	#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040
371	#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080
372	#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100
373	#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200
374	#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400
375	#define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000
376
377	/* wbcAuthUserInfo->acct_flags */
378
379	#define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */
380	#define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */
381	#define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */
382	#define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */
383	#define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */
384	#define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */
385	#define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */
386	#define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */
387	#define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */
388	#define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */
389	#define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */
390	#define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encryped text password is allowed */
391	#define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */
392	#define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */
393	#define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */
394	#define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */
395	#define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */
396	#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */
397	#define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */
398
399	struct wbcAuthErrorInfo {
400	uint32_t nt_status;
401	char *nt_string;
402	int32_t pam_error;
403	char *display_string;
404	};
405
406	/**
407	* @brief User Password Policy Information
408	**/
409
410	/* wbcUserPasswordPolicyInfo->password_properties */
411
412	#define WBC_DOMAIN_PASSWORD_COMPLEX 0x00000001
413	#define WBC_DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002
414	#define WBC_DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004
415	#define WBC_DOMAIN_PASSWORD_LOCKOUT_ADMINS 0x00000008
416	#define WBC_DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010
417	#define WBC_DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020
418
419	struct wbcUserPasswordPolicyInfo {
420	uint32_t min_length_password;
421	uint32_t password_history;
422	uint32_t password_properties;
423	uint64_t expire;
424	uint64_t min_passwordage;
425	};
426
427	/**
428	* @brief Change Password Reject Reason
429	**/
430
431	enum wbcPasswordChangeRejectReason {
432	WBC_PWD_CHANGE_REJECT_OTHER=0,
433	WBC_PWD_CHANGE_REJECT_TOO_SHORT=1,
434	WBC_PWD_CHANGE_REJECT_IN_HISTORY=2,
435	WBC_PWD_CHANGE_REJECT_COMPLEXITY=5
436	};
437
438	/**
439	* @brief Logoff User Parameters
440	**/
441
442	struct wbcLogoffUserParams {
443	const char *username;
444	size_t num_blobs;
445	struct wbcNamedBlob *blobs;
446	};
447
448	/** @brief Credential cache log-on parameters
449	*
450	*/
451
452	struct wbcCredentialCacheParams {
453	const char *account_name;
454	const char *domain_name;
455	enum wbcCredentialCacheLevel {
456	WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1
457	} level;
458	size_t num_blobs;
459	struct wbcNamedBlob *blobs;
460	};
461
462
463	/** @brief Info returned by credential cache auth
464	*
465	*/
466
467	struct wbcCredentialCacheInfo {
468	size_t num_blobs;
469	struct wbcNamedBlob *blobs;
470	};
471
472	/*
473	* DomainControllerInfo struct
474	*/
475	struct wbcDomainControllerInfo {
476	char *dc_name;
477	};
478
479	/*
480	* DomainControllerInfoEx struct
481	*/
482	struct wbcDomainControllerInfoEx {
483	const char *dc_unc;
484	const char *dc_address;
485	uint16_t dc_address_type;
486	struct wbcGuid *domain_guid;
487	const char *domain_name;
488	const char *forest_name;
489	uint32_t dc_flags;
490	const char *dc_site_name;
491	const char *client_site_name;
492	};
493
494	/**********************************************************
495	* Memory Management
496	**********************************************************/
497
498	/**
499	* @brief Free library allocated memory
500	*
501	* @param * Pointer to free
502	*
503	* @return void
504	**/
505	void wbcFreeMemory(void*);
506
507
508	/*
509	* Utility functions for dealing with SIDs
510	*/
511
512	/**
513	* @brief Get a string representation of the SID type
514	*
515	* @param type type of the SID
516	*
517	* @return string representation of the SID type
518	*/
519	const char* wbcSidTypeString(enum wbcSidType type);
520
521	/**
522	* @brief Convert a binary SID to a character string
523	*
524	* @param sid Binary Security Identifier
525	* @param **sid_string Resulting character string
526	*
527	* @return #wbcErr
528	**/
529	wbcErr wbcSidToString(const struct wbcDomainSid *sid,
530	char **sid_string);
531
532	/**
533	* @brief Convert a character string to a binary SID
534	*
535	* @param *sid_string Character string in the form of S-...
536	* @param sid Resulting binary SID
537	*
538	* @return #wbcErr
539	**/
540	wbcErr wbcStringToSid(const char *sid_string,
541	struct wbcDomainSid *sid);
542
543	/*
544	* Utility functions for dealing with GUIDs
545	*/
546
547	/**
548	* @brief Convert a binary GUID to a character string
549	*
550	* @param guid Binary Guid
551	* @param **guid_string Resulting character string
552	*
553	* @return #wbcErr
554	**/
555	wbcErr wbcGuidToString(const struct wbcGuid *guid,
556	char **guid_string);
557
558	/**
559	* @brief Convert a character string to a binary GUID
560	*
561	* @param *guid_string Character string
562	* @param guid Resulting binary GUID
563	*
564	* @return #wbcErr
565	**/
566	wbcErr wbcStringToGuid(const char *guid_string,
567	struct wbcGuid *guid);
568
569	/**
570	* @brief Ping winbindd to see if the daemon is running
571	*
572	* @return #wbcErr
573	**/
574	wbcErr wbcPing(void);
575
576	wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details);
577
578	wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details);
579
580	/**********************************************************
581	* Name/SID conversion
582	**********************************************************/
583
584	/**
585	* @brief Convert a domain and name to SID
586	*
587	* @param dom_name Domain name (possibly "")
588	* @param name User or group name
589	* @param *sid Pointer to the resolved domain SID
590	* @param *name_type Pointer to the SID type
591	*
592	* @return #wbcErr
593	**/
594	wbcErr wbcLookupName(const char *dom_name,
595	const char *name,
596	struct wbcDomainSid *sid,
597	enum wbcSidType *name_type);
598
599	/**
600	* @brief Convert a SID to a domain and name
601	*
602	* @param *sid Pointer to the domain SID to be resolved
603	* @param domain Resolved Domain name (possibly "")
604	* @param name Resolved User or group name
605	* @param *name_type Pointer to the resolved SID type
606	*
607	* @return #wbcErr
608	**/
609	wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
610	char **domain,
611	char **name,
612	enum wbcSidType *name_type);
613
614	/**
615	* @brief Translate a collection of RIDs within a domain to names
616	*/
617	wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
618	int num_rids,
619	uint32_t *rids,
620	const char **domain_name,
621	const char ***names,
622	enum wbcSidType **types);
623
624	/*
625	* @brief Get the groups a user belongs to
626	**/
627	wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
628	bool domain_groups_only,
629	uint32_t *num_sids,
630	struct wbcDomainSid **sids);
631
632	/*
633	* @brief Get alias membership for sids
634	**/
635	wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
636	struct wbcDomainSid *sids,
637	uint32_t num_sids,
638	uint32_t **alias_rids,
639	uint32_t *num_alias_rids);
640
641	/**
642	* @brief Lists Users
643	**/
644	wbcErr wbcListUsers(const char *domain_name,
645	uint32_t *num_users,
646	const char ***users);
647
648	/**
649	* @brief Lists Groups
650	**/
651	wbcErr wbcListGroups(const char *domain_name,
652	uint32_t *num_groups,
653	const char ***groups);
654
655	wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
656	char **pdomain,
657	char **pfullname,
658	enum wbcSidType *pname_type);
659
660	/**********************************************************
661	* SID/uid/gid Mappings
662	**********************************************************/
663
664	/**
665	* @brief Convert a Windows SID to a Unix uid, allocating an uid if needed
666	*
667	* @param *sid Pointer to the domain SID to be resolved
668	* @param *puid Pointer to the resolved uid_t value
669	*
670	* @return #wbcErr
671	*
672	**/
673	wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
674	uid_t *puid);
675
676	/**
677	* @brief Convert a Windows SID to a Unix uid if there already is a mapping
678	*
679	* @param *sid Pointer to the domain SID to be resolved
680	* @param *puid Pointer to the resolved uid_t value
681	*
682	* @return #wbcErr
683	*
684	**/
685	wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid,
686	uid_t *puid);
687
688	/**
689	* @brief Convert a Unix uid to a Windows SID, allocating a SID if needed
690	*
691	* @param uid Unix uid to be resolved
692	* @param *sid Pointer to the resolved domain SID
693	*
694	* @return #wbcErr
695	*
696	**/
697	wbcErr wbcUidToSid(uid_t uid,
698	struct wbcDomainSid *sid);
699
700	/**
701	* @brief Convert a Unix uid to a Windows SID if there already is a mapping
702	*
703	* @param uid Unix uid to be resolved
704	* @param *sid Pointer to the resolved domain SID
705	*
706	* @return #wbcErr
707	*
708	**/
709	wbcErr wbcQueryUidToSid(uid_t uid,
710	struct wbcDomainSid *sid);
711
712	/**
713	* @brief Convert a Windows SID to a Unix gid, allocating a gid if needed
714	*
715	* @param *sid Pointer to the domain SID to be resolved
716	* @param *pgid Pointer to the resolved gid_t value
717	*
718	* @return #wbcErr
719	*
720	**/
721	wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
722	gid_t *pgid);
723
724	/**
725	* @brief Convert a Windows SID to a Unix gid if there already is a mapping
726	*
727	* @param *sid Pointer to the domain SID to be resolved
728	* @param *pgid Pointer to the resolved gid_t value
729	*
730	* @return #wbcErr
731	*
732	**/
733	wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid,
734	gid_t *pgid);
735
736	/**
737	* @brief Convert a Unix gid to a Windows SID, allocating a SID if needed
738	*
739	* @param gid Unix gid to be resolved
740	* @param *sid Pointer to the resolved domain SID
741	*
742	* @return #wbcErr
743	*
744	**/
745	wbcErr wbcGidToSid(gid_t gid,
746	struct wbcDomainSid *sid);
747
748	/**
749	* @brief Convert a Unix gid to a Windows SID if there already is a mapping
750	*
751	* @param gid Unix gid to be resolved
752	* @param *sid Pointer to the resolved domain SID
753	*
754	* @return #wbcErr
755	*
756	**/
757	wbcErr wbcQueryGidToSid(gid_t gid,
758	struct wbcDomainSid *sid);
759
760	/**
761	* @brief Obtain a new uid from Winbind
762	*
763	* @param puid pointer to the allocated uid
764	*
765	* @return #wbcErr
766	**/
767	wbcErr wbcAllocateUid(uid_t *puid);
768
769	/**
770	* @brief Obtain a new gid from Winbind
771	*
772	* @param *pgid Pointer to the allocated gid
773	*
774	* @return #wbcErr
775	**/
776	wbcErr wbcAllocateGid(gid_t *pgid);
777
778	/**
779	* @brief Set an user id mapping
780	*
781	* @param uid Uid of the desired mapping.
782	* @param *sid Pointer to the sid of the diresired mapping.
783	*
784	* @return #wbcErr
785	**/
786	wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid);
787
788	/**
789	* @brief Set a group id mapping
790	*
791	* @param gid Gid of the desired mapping.
792	* @param *sid Pointer to the sid of the diresired mapping.
793	*
794	* @return #wbcErr
795	**/
796	wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid);
797
798	/**
799	* @brief Remove a user id mapping
800	*
801	* @param uid Uid of the mapping to remove.
802	* @param *sid Pointer to the sid of the mapping to remove.
803	*
804	* @return #wbcErr
805	**/
806	wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid);
807
808	/**
809	* @brief Remove a group id mapping
810	*
811	* @param gid Gid of the mapping to remove.
812	* @param *sid Pointer to the sid of the mapping to remove.
813	*
814	* @return #wbcErr
815	**/
816	wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid);
817
818	/**
819	* @brief Set the highwater mark for allocated uids.
820	*
821	* @param uid_hwm The new uid highwater mark value
822	*
823	* @return #wbcErr
824	**/
825	wbcErr wbcSetUidHwm(uid_t uid_hwm);
826
827	/**
828	* @brief Set the highwater mark for allocated gids.
829	*
830	* @param gid_hwm The new gid highwater mark value
831	*
832	* @return #wbcErr
833	**/
834	wbcErr wbcSetGidHwm(gid_t gid_hwm);
835
836	/**********************************************************
837	* NSS Lookup User/Group details
838	**********************************************************/
839
840	/**
841	* @brief Fill in a struct passwd* for a domain user based
842	* on username
843	*
844	* @param *name Username to lookup
845	* @param *pwd Pointer to resulting struct passwd from the query.
846	*
847	* @return #wbcErr
848	**/
849	wbcErr wbcGetpwnam(const char name, struct passwd *pwd);
850
851	/**
852	* @brief Fill in a struct passwd* for a domain user based
853	* on uid
854	*
855	* @param uid Uid to lookup
856	* @param *pwd Pointer to resulting struct passwd from the query.
857	*
858	* @return #wbcErr
859	**/
860	wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
861
862	/**
863	* @brief Fill in a struct passwd* for a domain user based
864	* on sid
865	*
866	* @param sid Sid to lookup
867	* @param *pwd Pointer to resulting struct passwd from the query.
868	*
869	* @return #wbcErr
870	**/
871	wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd);
872
873	/**
874	* @brief Fill in a struct passwd* for a domain user based
875	* on username
876	*
877	* @param *name Username to lookup
878	* @param *grp Pointer to resulting struct group from the query.
879	*
880	* @return #wbcErr
881	**/
882	wbcErr wbcGetgrnam(const char name, struct group *grp);
883
884	/**
885	* @brief Fill in a struct passwd* for a domain user based
886	* on uid
887	*
888	* @param gid Uid to lookup
889	* @param *grp Pointer to resulting struct group from the query.
890	*
891	* @return #wbcErr
892	**/
893	wbcErr wbcGetgrgid(gid_t gid, struct group **grp);
894
895	/**
896	* @brief Reset the passwd iterator
897	*
898	* @return #wbcErr
899	**/
900	wbcErr wbcSetpwent(void);
901
902	/**
903	* @brief Close the passwd iterator
904	*
905	* @return #wbcErr
906	**/
907	wbcErr wbcEndpwent(void);
908
909	/**
910	* @brief Return the next struct passwd* entry from the pwent iterator
911	*
912	* @param *pwd Pointer to resulting struct passwd from the query.
913	*
914	* @return #wbcErr
915	**/
916	wbcErr wbcGetpwent(struct passwd **pwd);
917
918	/**
919	* @brief Reset the group iterator
920	*
921	* @return #wbcErr
922	**/
923	wbcErr wbcSetgrent(void);
924
925	/**
926	* @brief Close the group iterator
927	*
928	* @return #wbcErr
929	**/
930	wbcErr wbcEndgrent(void);
931
932	/**
933	* @brief Return the next struct group* entry from the pwent iterator
934	*
935	* @param *grp Pointer to resulting struct group from the query.
936	*
937	* @return #wbcErr
938	**/
939	wbcErr wbcGetgrent(struct group **grp);
940
941	/**
942	* @brief Return the next struct group* entry from the pwent iterator
943	*
944	* This is similar to #wbcGetgrent, just that the member list is empty
945	*
946	* @param *grp Pointer to resulting struct group from the query.
947	*
948	* @return #wbcErr
949	**/
950	wbcErr wbcGetgrlist(struct group **grp);
951
952	/**
953	* @brief Return the unix group array belonging to the given user
954	*
955	* @param *account The given user name
956	* @param *num_groups Number of elements returned in the groups array
957	* @param **_groups Pointer to resulting gid_t array.
958	*
959	* @return #wbcErr
960	**/
961	wbcErr wbcGetGroups(const char *account,
962	uint32_t *num_groups,
963	gid_t **_groups);
964
965
966	/**********************************************************
967	* Lookup Domain information
968	**********************************************************/
969
970	/**
971	* @brief Lookup the current status of a trusted domain
972	*
973	* @param domain Domain to query
974	* @param *info Pointer to returned domain_info struct
975	*
976	* @return #wbcErr
977	**/
978	wbcErr wbcDomainInfo(const char *domain,
979	struct wbcDomainInfo **info);
980
981	/**
982	* @brief Enumerate the domain trusts known by Winbind
983	*
984	* @param **domains Pointer to the allocated domain list array
985	* @param *num_domains Pointer to number of domains returned
986	*
987	* @return #wbcErr
988	**/
989	wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
990	size_t *num_domains);
991
992	/* Flags for wbcLookupDomainController */
993
994	#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001
995	#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010
996	#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020
997	#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040
998	#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080
999	#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100
1000	#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200
1001	#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400
1002	#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800
1003	#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000
1004	#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000
1005	#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000
1006	#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000
1007	#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000
1008	#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000
1009	#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000
1010	#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000
1011	#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000
1012	#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000
1013
1014	/**
1015	* @brief Enumerate the domain trusts known by Winbind
1016	*
1017	* @param domain Name of the domain to query for a DC
1018	* @param flags Bit flags used to control the domain location query
1019	* @param *dc_info Pointer to the returned domain controller information
1020	*
1021	* @return #wbcErr
1022	**/
1023	wbcErr wbcLookupDomainController(const char *domain,
1024	uint32_t flags,
1025	struct wbcDomainControllerInfo **dc_info);
1026
1027	/**
1028	* @brief Get extended domain controller information
1029	*
1030	* @param domain Name of the domain to query for a DC
1031	* @param guid Guid of the domain to query for a DC
1032	* @param site Site of the domain to query for a DC
1033	* @param flags Bit flags used to control the domain location query
1034	* @param *dc_info Pointer to the returned extended domain controller information
1035	*
1036	* @return #wbcErr
1037	**/
1038	wbcErr wbcLookupDomainControllerEx(const char *domain,
1039	struct wbcGuid *guid,
1040	const char *site,
1041	uint32_t flags,
1042	struct wbcDomainControllerInfoEx **dc_info);
1043
1044	/**********************************************************
1045	* Athenticate functions
1046	**********************************************************/
1047
1048	/**
1049	* @brief Authenticate a username/password pair
1050	*
1051	* @param username Name of user to authenticate
1052	* @param password Clear text password os user
1053	*
1054	* @return #wbcErr
1055	**/
1056	wbcErr wbcAuthenticateUser(const char *username,
1057	const char *password);
1058
1059	/**
1060	* @brief Authenticate with more detailed information
1061	*
1062	* @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH
1063	* is not supported yet
1064	* @param info Output details on WBC_ERR_SUCCESS
1065	* @param error Output details on WBC_ERR_AUTH_ERROR
1066	*
1067	* @return #wbcErr
1068	**/
1069	wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
1070	struct wbcAuthUserInfo **info,
1071	struct wbcAuthErrorInfo **error);
1072
1073	/**
1074	* @brief Logon a User
1075	*
1076	* @param[in] params Pointer to a wbcLogonUserParams structure
1077	* @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure
1078	* @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure
1079	* @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure
1080	*
1081	* @return #wbcErr
1082	**/
1083	wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
1084	struct wbcLogonUserInfo **info,
1085	struct wbcAuthErrorInfo **error,
1086	struct wbcUserPasswordPolicyInfo **policy);
1087
1088	/**
1089	* @brief Trigger a logoff notification to Winbind for a specific user
1090	*
1091	* @param username Name of user to remove from Winbind's list of
1092	* logged on users.
1093	* @param uid Uid assigned to the username
1094	* @param ccfilename Absolute path to the Krb5 credentials cache to
1095	* be removed
1096	*
1097	* @return #wbcErr
1098	**/
1099	wbcErr wbcLogoffUser(const char *username,
1100	uid_t uid,
1101	const char *ccfilename);
1102
1103	/**
1104	* @brief Trigger an extended logoff notification to Winbind for a specific user
1105	*
1106	* @param params A wbcLogoffUserParams structure
1107	* @param error User output details on error
1108	*
1109	* @return #wbcErr
1110	**/
1111	wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
1112	struct wbcAuthErrorInfo **error);
1113
1114	/**
1115	* @brief Change a password for a user
1116	*
1117	* @param username Name of user to authenticate
1118	* @param old_password Old clear text password of user
1119	* @param new_password New clear text password of user
1120	*
1121	* @return #wbcErr
1122	**/
1123	wbcErr wbcChangeUserPassword(const char *username,
1124	const char *old_password,
1125	const char *new_password);
1126
1127	/**
1128	* @brief Change a password for a user with more detailed information upon
1129	* failure
1130	*
1131	* @param params Input parameters
1132	* @param error User output details on WBC_ERR_PWD_CHANGE_FAILED
1133	* @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED
1134	* @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED
1135	*
1136	* @return #wbcErr
1137	**/
1138	wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params,
1139	struct wbcAuthErrorInfo **error,
1140	enum wbcPasswordChangeRejectReason *reject_reason,
1141	struct wbcUserPasswordPolicyInfo **policy);
1142
1143	/**
1144	* @brief Authenticate a user with cached credentials
1145	*
1146	* @param *params Pointer to a wbcCredentialCacheParams structure
1147	* @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure
1148	* @param **error Pointer to a pointer to a wbcAuthErrorInfo structure
1149	*
1150	* @return #wbcErr
1151	**/
1152	wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
1153	struct wbcCredentialCacheInfo **info,
1154	struct wbcAuthErrorInfo **error);
1155
1156	/**
1157	* @brief Save a password with winbind for doing wbcCredentialCache() later
1158	*
1159	* @param *user Username
1160	* @param *password Password
1161	*
1162	* @return #wbcErr
1163	**/
1164	wbcErr wbcCredentialSave(const char user, const char password);
1165
1166	/**********************************************************
1167	* Resolve functions
1168	**********************************************************/
1169
1170	/**
1171	* @brief Resolve a NetbiosName via WINS
1172	*
1173	* @param name Name to resolve
1174	* @param *ip Pointer to the ip address string
1175	*
1176	* @return #wbcErr
1177	**/
1178	wbcErr wbcResolveWinsByName(const char name, char *ip);
1179
1180	/**
1181	* @brief Resolve an IP address via WINS into a NetbiosName
1182	*
1183	* @param ip The ip address string
1184	* @param *name Pointer to the name
1185	*
1186	* @return #wbcErr
1187	*
1188	**/
1189	wbcErr wbcResolveWinsByIP(const char ip, char *name);
1190
1191	/**********************************************************
1192	* Trusted domain functions
1193	**********************************************************/
1194
1195	/**
1196	* @brief Trigger a verification of the trust credentials of a specific domain
1197	*
1198	* @param *domain The name of the domain.
1199	* @param error Output details on WBC_ERR_AUTH_ERROR
1200	*
1201	* @return #wbcErr
1202	**/
1203	wbcErr wbcCheckTrustCredentials(const char *domain,
1204	struct wbcAuthErrorInfo **error);
1205
1206	/**
1207	* @brief Trigger a change of the trust credentials for a specific domain
1208	*
1209	* @param *domain The name of the domain.
1210	* @param error Output details on WBC_ERR_AUTH_ERROR
1211	*
1212	* @return #wbcErr
1213	**/
1214	wbcErr wbcChangeTrustCredentials(const char *domain,
1215	struct wbcAuthErrorInfo **error);
1216
1217	/**
1218	* @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
1219	* version of wbcCheckTrustCredentials
1220	*
1221	* @param *domain The name of the domain, only NULL for the default domain is
1222	* supported yet. Other values than NULL will result in
1223	* WBC_ERR_NOT_IMPLEMENTED.
1224	* @param error Output details on WBC_ERR_AUTH_ERROR
1225	*
1226	* @return #wbcErr
1227	**/
1228	wbcErr wbcPingDc(const char domain, struct wbcAuthErrorInfo *error);
1229
1230	/**********************************************************
1231	* Helper functions
1232	**********************************************************/
1233
1234	/**
1235	* @brief Initialize a named blob and add to list of blobs
1236	*
1237	* @param[in,out] num_blobs Pointer to the number of blobs
1238	* @param[in,out] blobs Pointer to an array of blobs
1239	* @param[in] name Name of the new named blob
1240	* @param[in] flags Flags of the new named blob
1241	* @param[in] data Blob data of new blob
1242	* @param[in] length Blob data length of new blob
1243	*
1244	* @return #wbcErr
1245	**/
1246	wbcErr wbcAddNamedBlob(size_t *num_blobs,
1247	struct wbcNamedBlob **blobs,
1248	const char *name,
1249	uint32_t flags,
1250	uint8_t *data,
1251	size_t length);
1252
1253	#endif /* _WBCLIENT_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: