source: branches/samba-3.5.x/nsswitch/libwbclient/wbclient.h@ 955

Last change on this file since 955 was 414, checked in by Herwig Bauernfeind, 16 years ago

Samba 3.5.0: Initial import

1/*
2 Unix SMB/CIFS implementation.
3
4 Winbind client API
5
6 Copyright (C) Gerald (Jerry) Carter 2007
7 Copyright (C) Volker Lendecke 2009
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 3 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21*/
22
23#ifndef _WBCLIENT_H
24#define _WBCLIENT_H
25
26#include <pwd.h>
27#include <grp.h>
28
29/* Define error types */
30
31/**
32 * @brief Status codes returned from wbc functions
33 **/
34
/*
 * Only WBC_ERR_SUCCESS carries an explicit value; every later code is
 * numbered by its position in this list, so inserting or reordering
 * entries changes the numeric value of all codes that follow.
 * Compare against the named constants (or use WBC_ERROR_IS_OK) rather
 * than literal integers.
 */
35enum _wbcErrType {
36 WBC_ERR_SUCCESS = 0, /**< Successful completion **/
37 WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
38 WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
39 WBC_ERR_NO_MEMORY, /**< Memory allocation error **/
40 WBC_ERR_INVALID_SID, /**< Invalid SID format **/
41 WBC_ERR_INVALID_PARAM, /**< An invalid parameter was supplied **/
42 WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/
43 WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/
44 WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/
45 WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/
46 WBC_ERR_AUTH_ERROR, /**< Authentication failed **/
47 WBC_ERR_UNKNOWN_USER, /**< User account cannot be found **/
48 WBC_ERR_UNKNOWN_GROUP, /**< Group account cannot be found **/
49 WBC_ERR_PWD_CHANGE_FAILED /**< Password change has failed **/
50};
51
52typedef enum _wbcErrType wbcErr;
53
54#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
55
56const char *wbcErrorString(wbcErr error);
57
58/**
59 * @brief Some useful details about the wbclient library
60 *
61 * 0.1: Initial version
62 * 0.2: Added wbcRemoveUidMapping()
63 * Added wbcRemoveGidMapping()
64 * 0.3: Added wbcGetpwsid()
65 * Added wbcGetSidAliases()
66 * 0.4: Added wbcSidTypeString()
67 * 0.5: Added wbcChangeTrustCredentials()
68 **/
69#define WBCLIENT_MAJOR_VERSION 0
70#define WBCLIENT_MINOR_VERSION 5
71#define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
/*
 * Version and vendor description of the library, returned through
 * wbcLibraryDetails().
 * NOTE(review): presumably filled from the WBCLIENT_MAJOR_VERSION,
 * WBCLIENT_MINOR_VERSION and WBCLIENT_VENDOR_VERSION macros -- confirm.
 * NOTE(review): this header uses uint8_t/uint16_t/uint32_t/uint64_t,
 * size_t and bool, but includes only <pwd.h> and <grp.h>; presumably the
 * including file has to pull in <stdint.h>, <stddef.h> and <stdbool.h>
 * first -- confirm.
 */
72struct wbcLibraryDetails {
73 uint16_t major_version;
74 uint16_t minor_version;
75 const char *vendor_version;
76};
77
78/**
79 * @brief Some useful details about the running winbindd
80 *
81 **/
82struct wbcInterfaceDetails {
83 uint32_t interface_version;
84 const char *winbind_version;
85 char winbind_separator;
86 const char *netbios_name;
87 const char *netbios_domain;
88 const char *dns_domain;
89};
90
91/*
92 * Data types used by the Winbind Client API
93 */
94
95#ifndef WBC_MAXSUBAUTHS
96#define WBC_MAXSUBAUTHS 15 /* max sub authorities in a SID */
97#endif
98
99/**
100 * @brief Windows Security Identifier
101 *
102 **/
103
/*
 * Fixed-size binary SID: sub_auths always has room for exactly
 * WBC_MAXSUBAUTHS entries, whatever num_auths says.
 * num_auths is a uint8_t and can therefore hold values up to 255, i.e.
 * larger than the array.
 * NOTE(review): presumably num_auths is the number of valid entries in
 * sub_auths -- code that loops up to num_auths (in particular on a SID
 * that came from outside the process) should first check
 * num_auths <= WBC_MAXSUBAUTHS.
 */
104struct wbcDomainSid {
105 uint8_t sid_rev_num;
106 uint8_t num_auths;
107 uint8_t id_auth[6];
108 uint32_t sub_auths[WBC_MAXSUBAUTHS];
109};
110
111/**
112 * @brief Security Identifier type
113 **/
114
115enum wbcSidType {
116 WBC_SID_NAME_USE_NONE=0,
117 WBC_SID_NAME_USER=1,
118 WBC_SID_NAME_DOM_GRP=2,
119 WBC_SID_NAME_DOMAIN=3,
120 WBC_SID_NAME_ALIAS=4,
121 WBC_SID_NAME_WKN_GRP=5,
122 WBC_SID_NAME_DELETED=6,
123 WBC_SID_NAME_INVALID=7,
124 WBC_SID_NAME_UNKNOWN=8,
125 WBC_SID_NAME_COMPUTER=9
126};
127
128/**
129 * @brief Security Identifier with attributes
130 **/
131
132struct wbcSidWithAttr {
133 struct wbcDomainSid sid;
134 uint32_t attributes;
135};
136
137/* wbcSidWithAttr->attributes */
138
139#define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001
140#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002
141#define WBC_SID_ATTR_GROUP_ENABLED 0x00000004
142#define WBC_SID_ATTR_GROUP_OWNER 0x00000008
143#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010
144#define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000
145#define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000
146
147/**
148 * @brief Windows GUID
149 *
150 **/
151
152struct wbcGuid {
153 uint32_t time_low;
154 uint16_t time_mid;
155 uint16_t time_hi_and_version;
156 uint8_t clock_seq[2];
157 uint8_t node[6];
158};
159
160/**
161 * @brief Domain Information
162 **/
163
164struct wbcDomainInfo {
165 char *short_name;
166 char *dns_name;
167 struct wbcDomainSid sid;
168 uint32_t domain_flags;
169 uint32_t trust_flags;
170 uint32_t trust_type;
171};
172
173/* wbcDomainInfo->domain_flags */
174
175#define WBC_DOMINFO_DOMAIN_UNKNOWN 0x00000000
176#define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001
177#define WBC_DOMINFO_DOMAIN_AD 0x00000002
178#define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004
179#define WBC_DOMINFO_DOMAIN_OFFLINE 0x00000008
180
181/* wbcDomainInfo->trust_flags */
182
183#define WBC_DOMINFO_TRUST_TRANSITIVE 0x00000001
184#define WBC_DOMINFO_TRUST_INCOMING 0x00000002
185#define WBC_DOMINFO_TRUST_OUTGOING 0x00000004
186
187/* wbcDomainInfo->trust_type */
188
189#define WBC_DOMINFO_TRUSTTYPE_NONE 0x00000000
190#define WBC_DOMINFO_TRUSTTYPE_FOREST 0x00000001
191#define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002
192#define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003
193
194
195/**
196 * @brief Auth User Parameters
197 **/
198
/*
 * Input to wbcAuthenticateUserEx().
 * The password union holds one of three representations.
 * NOTE(review): presumably `level` selects which union member is valid --
 * confirm against the implementation.
 * Every variant is credential material (cleartext, NT/LM hashes, or a
 * challenge with its responses). This header declares no helper for
 * wiping these fields, so clearing them after use is left to the caller.
 */
199struct wbcAuthUserParams {
200 const char *account_name;
201 const char *domain_name;
202 const char *workstation_name;
203
204 uint32_t flags; /* WBC_AUTH_PARAM_FLAGS_* */
205
206 uint32_t parameter_control; /* WBC_MSV1_0_* bits */
207
208 enum wbcAuthUserLevel {
209 WBC_AUTH_USER_LEVEL_PLAIN = 1,
 /* documented on wbcAuthenticateUserEx() as not supported yet */
210 WBC_AUTH_USER_LEVEL_HASH = 2,
211 WBC_AUTH_USER_LEVEL_RESPONSE = 3
212 } level;
213 union {
214 const char *plaintext;
215 struct {
216 uint8_t nt_hash[16];
217 uint8_t lm_hash[16];
218 } hash;
219 struct {
220 uint8_t challenge[8];
 /*
  * NOTE(review): nt_length/lm_length are presumably the byte
  * counts of nt_data/lm_data; both pointer and length are
  * supplied by the caller and must agree.
  */
221 uint32_t nt_length;
222 uint8_t *nt_data;
223 uint32_t lm_length;
224 uint8_t *lm_data;
225 } response;
226 } password;
227};
228
229/**
230 * @brief Generic Blob
231 **/
232
233struct wbcBlob {
234 uint8_t *data;
235 size_t length;
236};
237
238/**
239 * @brief Named Blob
240 **/
241
242struct wbcNamedBlob {
243 const char *name;
244 uint32_t flags;
245 struct wbcBlob blob;
246};
247
248/**
249 * @brief Logon User Parameters
250 **/
251
/*
 * Input to wbcLogonUser().
 * NOTE(review): `password` is presumably the cleartext password as a
 * NUL-terminated string -- confirm. It is passed as const char *, so the
 * caller keeps ownership of the buffer and is the one who can wipe it.
 * blobs/num_blobs: array pointer plus element count, the same pair that
 * wbcAddNamedBlob() takes by address.
 */
252struct wbcLogonUserParams {
253 const char *username;
254 const char *password;
255 size_t num_blobs;
256 struct wbcNamedBlob *blobs;
257};
258
259/**
260 * @brief ChangePassword Parameters
261 **/
262
/*
 * Input to wbcChangeUserPasswordEx().
 * old_password and new_password are each a union of a cleartext string
 * and a `response` struct of length/pointer pairs.
 * NOTE(review): presumably `level` selects the member used in both
 * unions -- confirm against the implementation.
 * Both unions carry credential material; this header declares no helper
 * for wiping them, so clearing them after use is left to the caller.
 */
263struct wbcChangePasswordParams {
264 const char *account_name;
265 const char *domain_name;
266
267 uint32_t flags;
268
269 enum wbcChangePasswordLevel {
270 WBC_CHANGE_PASSWORD_LEVEL_PLAIN = 1,
271 WBC_CHANGE_PASSWORD_LEVEL_RESPONSE = 2
272 } level;
273
274 union {
275 const char *plaintext;
276 struct {
 /*
  * NOTE(review): each *_length is presumably the byte count
  * of the *_data buffer next to it -- confirm.
  */
277 uint32_t old_nt_hash_enc_length;
278 uint8_t *old_nt_hash_enc_data;
279 uint32_t old_lm_hash_enc_length;
280 uint8_t *old_lm_hash_enc_data;
281 } response;
282 } old_password;
283 union {
284 const char *plaintext;
285 struct {
286 uint32_t nt_length;
287 uint8_t *nt_data;
288 uint32_t lm_length;
289 uint8_t *lm_data;
290 } response;
291 } new_password;
292};
293
294/* wbcAuthUserParams->parameter_control */
295
296#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002
297#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004
298#define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008
299#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020
300#define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200
301#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800
302
303/* wbcAuthUserParams->flags */
304
305#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001
306
307/**
308 * @brief Auth User Information
309 *
310 * Some of the strings may be NULL
311 **/
312
/*
 * Result of a successful wbcAuthenticateUserEx() (also reachable through
 * wbcLogonUserInfo.info).
 * The string members may be NULL, so check each one before use.
 * user_session_key and lm_session_key are key material: keep them out of
 * logs and debug dumps of this struct.
 */
313struct wbcAuthUserInfo {
314 uint32_t user_flags; /* WBC_AUTH_USER_INFO_* */
315
316 char *account_name;
317 char *user_principal;
318 char *full_name;
319 char *domain_name;
320 char *dns_domain_name;
321
322 uint32_t acct_flags; /* WBC_ACB_* */
323 uint8_t user_session_key[16];
324 uint8_t lm_session_key[8];
325
326 uint16_t logon_count;
327 uint16_t bad_password_count;
328
329 uint64_t logon_time;
330 uint64_t logoff_time;
331 uint64_t kickoff_time;
332 uint64_t pass_last_set_time;
333 uint64_t pass_can_change_time;
334 uint64_t pass_must_change_time;
335
336 char *logon_server;
337 char *logon_script;
338 char *profile_path;
339 char *home_directory;
340 char *home_drive;
341
342 /*
343 * the 1st one is the account sid
344 * the 2nd one is the primary_group sid
345 * followed by the rest of the groups
 *
 * NOTE(review): code that reads sids[0] or sids[1] on the strength
 * of the layout above should still check num_sids first.
346 */
347 uint32_t num_sids;
348 struct wbcSidWithAttr *sids;
349};
350
351/**
352 * @brief Logon User Information
353 *
354 * Some of the strings may be NULL
355 **/
356
357struct wbcLogonUserInfo {
358 struct wbcAuthUserInfo *info;
359 size_t num_blobs;
360 struct wbcNamedBlob *blobs;
361};
362
363/* wbcAuthUserInfo->user_flags */
364
365#define WBC_AUTH_USER_INFO_GUEST 0x00000001
366#define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002
367#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004
368#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008
369#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020
370#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040
371#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080
372#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100
373#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200
374#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400
375#define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000
376
377/* wbcAuthUserInfo->acct_flags */
378
/*
 * Bit values for wbcAuthUserInfo->acct_flags.
 * Bit 0x00040000 is not assigned in this list.
 * NOTE(review): for account auditing, the bits that weaken authentication
 * are the ones usually reviewed first: WBC_ACB_PWNOTREQ,
 * WBC_ACB_ENC_TXT_PWD_ALLOWED, WBC_ACB_USE_DES_KEY_ONLY,
 * WBC_ACB_DONT_REQUIRE_PREAUTH and WBC_ACB_TRUSTED_FOR_DELEGATION.
 */
379#define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */
380#define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */
381#define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */
382#define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */
383#define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */
384#define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */
385#define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */
386#define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */
387#define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */
388#define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */
389#define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */
390#define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encrypted text password is allowed */
391#define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */
392#define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */
393#define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */
394#define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */
395#define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */
396#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */
397#define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 No authorization data required */
398
399struct wbcAuthErrorInfo {
400 uint32_t nt_status;
401 char *nt_string;
402 int32_t pam_error;
403 char *display_string;
404};
405
406/**
407 * @brief User Password Policy Information
408 **/
409
410/* wbcUserPasswordPolicyInfo->password_properties */
411
412#define WBC_DOMAIN_PASSWORD_COMPLEX 0x00000001
413#define WBC_DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002
414#define WBC_DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004
415#define WBC_DOMAIN_PASSWORD_LOCKOUT_ADMINS 0x00000008
416#define WBC_DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010
417#define WBC_DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020
418
419struct wbcUserPasswordPolicyInfo {
420 uint32_t min_length_password;
421 uint32_t password_history;
422 uint32_t password_properties;
423 uint64_t expire;
424 uint64_t min_passwordage;
425};
426
427/**
428 * @brief Change Password Reject Reason
429 **/
430
/*
 * Reason reported through wbcChangeUserPasswordEx()'s reject_reason.
 * The values are explicit and not contiguous: 3 and 4 are not defined
 * here. NOTE(review): callers that switch on the reason presumably need
 * a default branch for values outside this list -- confirm.
 */
431enum wbcPasswordChangeRejectReason {
432 WBC_PWD_CHANGE_REJECT_OTHER=0,
433 WBC_PWD_CHANGE_REJECT_TOO_SHORT=1,
434 WBC_PWD_CHANGE_REJECT_IN_HISTORY=2,
435 WBC_PWD_CHANGE_REJECT_COMPLEXITY=5
436};
437
438/**
439 * @brief Logoff User Parameters
440 **/
441
442struct wbcLogoffUserParams {
443 const char *username;
444 size_t num_blobs;
445 struct wbcNamedBlob *blobs;
446};
447
448/** @brief Credential cache log-on parameters
449 *
450 */
451
452struct wbcCredentialCacheParams {
453 const char *account_name;
454 const char *domain_name;
455 enum wbcCredentialCacheLevel {
456 WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1
457 } level;
458 size_t num_blobs;
459 struct wbcNamedBlob *blobs;
460};
461
462
463/** @brief Info returned by credential cache auth
464 *
465 */
466
467struct wbcCredentialCacheInfo {
468 size_t num_blobs;
469 struct wbcNamedBlob *blobs;
470};
471
472/*
473 * DomainControllerInfo struct
474 */
475struct wbcDomainControllerInfo {
476 char *dc_name;
477};
478
479/*
480 * DomainControllerInfoEx struct
481 */
482struct wbcDomainControllerInfoEx {
483 const char *dc_unc;
484 const char *dc_address;
485 uint16_t dc_address_type;
486 struct wbcGuid *domain_guid;
487 const char *domain_name;
488 const char *forest_name;
489 uint32_t dc_flags;
490 const char *dc_site_name;
491 const char *client_site_name;
492};
493
494/**********************************************************
495 * Memory Management
496 **********************************************************/
497
498/**
499 * @brief Free library allocated memory
500 *
501 * @param * Pointer to free (the parameter is unnamed in the prototype)
 *
 * NOTE(review): this header does not state, function by function, which
 * results have to be released with this call. Presumably every result the
 * library hands back through a pointer-to-pointer output parameter is
 * released here and not with free() -- confirm before mixing allocators.
502 *
503 * @return void
504 **/
505void wbcFreeMemory(void*);
506
507
508/*
509 * Utility functions for dealing with SIDs
510 */
511
512/**
513 * @brief Get a string representation of the SID type
514 *
515 * @param type type of the SID
516 *
517 * @return string representation of the SID type
518 */
519const char* wbcSidTypeString(enum wbcSidType type);
520
521/**
522 * @brief Convert a binary SID to a character string
523 *
524 * @param sid Binary Security Identifier
525 * @param **sid_string Resulting character string
526 *
527 * @return #wbcErr
528 **/
529wbcErr wbcSidToString(const struct wbcDomainSid *sid,
530 char **sid_string);
531
532/**
533 * @brief Convert a character string to a binary SID
534 *
535 * @param *sid_string Character string in the form of S-...
536 * @param sid Resulting binary SID
537 *
538 * @return #wbcErr
539 **/
540wbcErr wbcStringToSid(const char *sid_string,
541 struct wbcDomainSid *sid);
542
543/*
544 * Utility functions for dealing with GUIDs
545 */
546
547/**
548 * @brief Convert a binary GUID to a character string
549 *
550 * @param guid Binary Guid
551 * @param **guid_string Resulting character string
552 *
553 * @return #wbcErr
554 **/
555wbcErr wbcGuidToString(const struct wbcGuid *guid,
556 char **guid_string);
557
558/**
559 * @brief Convert a character string to a binary GUID
560 *
561 * @param *guid_string Character string
562 * @param guid Resulting binary GUID
563 *
564 * @return #wbcErr
565 **/
566wbcErr wbcStringToGuid(const char *guid_string,
567 struct wbcGuid *guid);
568
569/**
570 * @brief Ping winbindd to see if the daemon is running
571 *
572 * @return #wbcErr
573 **/
574wbcErr wbcPing(void);
575
576wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details);
577
578wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details);
579
580/**********************************************************
581 * Name/SID conversion
582 **********************************************************/
583
584/**
585 * @brief Convert a domain and name to SID
586 *
587 * @param dom_name Domain name (possibly "")
588 * @param name User or group name
589 * @param *sid Pointer to the resolved domain SID
590 * @param *name_type Pointer to the SID type
591 *
592 * @return #wbcErr
593 **/
594wbcErr wbcLookupName(const char *dom_name,
595 const char *name,
596 struct wbcDomainSid *sid,
597 enum wbcSidType *name_type);
598
599/**
600 * @brief Convert a SID to a domain and name
601 *
602 * @param *sid Pointer to the domain SID to be resolved
603 * @param domain Resolved Domain name (possibly "")
604 * @param name Resolved User or group name
605 * @param *name_type Pointer to the resolved SID type
606 *
607 * @return #wbcErr
608 **/
609wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
610 char **domain,
611 char **name,
612 enum wbcSidType *name_type);
613
614/**
615 * @brief Translate a collection of RIDs within a domain to names
 *
 * @param dom_sid SID of the domain the RIDs belong to
 * @param num_rids NOTE(review): presumably the number of entries in
 * rids. It is declared as a signed int, so a negative
 * value is representable; pass a validated,
 * non-negative count.
 * @param rids Array of RIDs to translate
 * @param domain_name NOTE(review): presumably receives the domain name -- confirm
 * @param names NOTE(review): presumably receives one name per RID -- confirm
 * @param types NOTE(review): presumably receives one SID type per RID -- confirm
 *
 * @return #wbcErr
616 */
617wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
618 int num_rids,
619 uint32_t *rids,
620 const char **domain_name,
621 const char ***names,
622 enum wbcSidType **types);
623
624/**
625 * @brief Get the groups a user belongs to
 *
 * @return #wbcErr
626 **/
627wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
628 bool domain_groups_only,
629 uint32_t *num_sids,
630 struct wbcDomainSid **sids);
631
632/**
633 * @brief Get alias membership for sids
 *
 * @return #wbcErr
634 **/
635wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
636 struct wbcDomainSid *sids,
637 uint32_t num_sids,
638 uint32_t **alias_rids,
639 uint32_t *num_alias_rids);
640
641/**
642 * @brief Lists Users
643 **/
644wbcErr wbcListUsers(const char *domain_name,
645 uint32_t *num_users,
646 const char ***users);
647
648/**
649 * @brief Lists Groups
650 **/
651wbcErr wbcListGroups(const char *domain_name,
652 uint32_t *num_groups,
653 const char ***groups);
654
655wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
656 char **pdomain,
657 char **pfullname,
658 enum wbcSidType *pname_type);
659
660/**********************************************************
661 * SID/uid/gid Mappings
662 **********************************************************/
663
664/**
665 * @brief Convert a Windows SID to a Unix uid, allocating a uid if needed
666 *
667 * @param *sid Pointer to the domain SID to be resolved
668 * @param *puid Pointer to the resolved uid_t value
669 *
670 * @return #wbcErr
671 *
672 **/
673wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
674 uid_t *puid);
675
676/**
677 * @brief Convert a Windows SID to a Unix uid if there already is a mapping
678 *
679 * @param *sid Pointer to the domain SID to be resolved
680 * @param *puid Pointer to the resolved uid_t value
681 *
682 * @return #wbcErr
683 *
684 **/
685wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid,
686 uid_t *puid);
687
688/**
689 * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed
690 *
691 * @param uid Unix uid to be resolved
692 * @param *sid Pointer to the resolved domain SID
693 *
694 * @return #wbcErr
695 *
696 **/
697wbcErr wbcUidToSid(uid_t uid,
698 struct wbcDomainSid *sid);
699
700/**
701 * @brief Convert a Unix uid to a Windows SID if there already is a mapping
702 *
703 * @param uid Unix uid to be resolved
704 * @param *sid Pointer to the resolved domain SID
705 *
706 * @return #wbcErr
707 *
708 **/
709wbcErr wbcQueryUidToSid(uid_t uid,
710 struct wbcDomainSid *sid);
711
712/**
713 * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed
714 *
715 * @param *sid Pointer to the domain SID to be resolved
716 * @param *pgid Pointer to the resolved gid_t value
717 *
718 * @return #wbcErr
719 *
720 **/
721wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
722 gid_t *pgid);
723
724/**
725 * @brief Convert a Windows SID to a Unix gid if there already is a mapping
726 *
727 * @param *sid Pointer to the domain SID to be resolved
728 * @param *pgid Pointer to the resolved gid_t value
729 *
730 * @return #wbcErr
731 *
732 **/
733wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid,
734 gid_t *pgid);
735
736/**
737 * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed
738 *
739 * @param gid Unix gid to be resolved
740 * @param *sid Pointer to the resolved domain SID
741 *
742 * @return #wbcErr
743 *
744 **/
745wbcErr wbcGidToSid(gid_t gid,
746 struct wbcDomainSid *sid);
747
748/**
749 * @brief Convert a Unix gid to a Windows SID if there already is a mapping
750 *
751 * @param gid Unix gid to be resolved
752 * @param *sid Pointer to the resolved domain SID
753 *
754 * @return #wbcErr
755 *
756 **/
757wbcErr wbcQueryGidToSid(gid_t gid,
758 struct wbcDomainSid *sid);
759
760/**
761 * @brief Obtain a new uid from Winbind
762 *
763 * @param *puid Pointer to the allocated uid
764 *
765 * @return #wbcErr
766 **/
767wbcErr wbcAllocateUid(uid_t *puid);
768
769/**
770 * @brief Obtain a new gid from Winbind
771 *
772 * @param *pgid Pointer to the allocated gid
773 *
774 * @return #wbcErr
775 **/
776wbcErr wbcAllocateGid(gid_t *pgid);
777
778/**
779 * @brief Set a user id mapping
780 *
781 * @param uid Uid of the desired mapping.
782 * @param *sid Pointer to the sid of the desired mapping.
783 *
784 * @return #wbcErr
785 **/
786wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid);
787
788/**
789 * @brief Set a group id mapping
790 *
791 * @param gid Gid of the desired mapping.
792 * @param *sid Pointer to the sid of the desired mapping.
793 *
794 * @return #wbcErr
795 **/
796wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid);
797
798/**
799 * @brief Remove a user id mapping
800 *
801 * @param uid Uid of the mapping to remove.
802 * @param *sid Pointer to the sid of the mapping to remove.
803 *
804 * @return #wbcErr
805 **/
806wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid);
807
808/**
809 * @brief Remove a group id mapping
810 *
811 * @param gid Gid of the mapping to remove.
812 * @param *sid Pointer to the sid of the mapping to remove.
813 *
814 * @return #wbcErr
815 **/
816wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid);
817
818/**
819 * @brief Set the highwater mark for allocated uids.
820 *
821 * @param uid_hwm The new uid highwater mark value
822 *
823 * @return #wbcErr
824 **/
825wbcErr wbcSetUidHwm(uid_t uid_hwm);
826
827/**
828 * @brief Set the highwater mark for allocated gids.
829 *
830 * @param gid_hwm The new gid highwater mark value
831 *
832 * @return #wbcErr
833 **/
834wbcErr wbcSetGidHwm(gid_t gid_hwm);
835
836/**********************************************************
837 * NSS Lookup User/Group details
838 **********************************************************/
839
840/**
841 * @brief Fill in a struct passwd* for a domain user based
842 * on username
843 *
844 * @param *name Username to lookup
845 * @param **pwd Pointer to resulting struct passwd* from the query.
846 *
847 * @return #wbcErr
848 **/
849wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);
850
851/**
852 * @brief Fill in a struct passwd* for a domain user based
853 * on uid
854 *
855 * @param uid Uid to lookup
856 * @param **pwd Pointer to resulting struct passwd* from the query.
857 *
858 * @return #wbcErr
859 **/
860wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
861
862/**
863 * @brief Fill in a struct passwd* for a domain user based
864 * on sid
865 *
866 * @param sid Sid to lookup
867 * @param **pwd Pointer to resulting struct passwd* from the query.
868 *
869 * @return #wbcErr
870 **/
871wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd);
872
873/**
874 * @brief Fill in a struct group* for a domain group based
875 * on group name
876 *
877 * @param *name Group name to look up
878 * @param **grp Pointer to resulting struct group* from the query.
879 *
880 * @return #wbcErr
881 **/
882wbcErr wbcGetgrnam(const char *name, struct group **grp);
883
884/**
885 * @brief Fill in a struct group* for a domain group based
886 * on gid
887 *
888 * @param gid Gid to look up
889 * @param **grp Pointer to resulting struct group* from the query.
890 *
891 * @return #wbcErr
892 **/
893wbcErr wbcGetgrgid(gid_t gid, struct group **grp);
894
895/**
896 * @brief Reset the passwd iterator
897 *
898 * @return #wbcErr
899 **/
900wbcErr wbcSetpwent(void);
901
902/**
903 * @brief Close the passwd iterator
904 *
905 * @return #wbcErr
906 **/
907wbcErr wbcEndpwent(void);
908
909/**
910 * @brief Return the next struct passwd* entry from the pwent iterator
911 *
912 * @param **pwd Pointer to resulting struct passwd* from the query.
913 *
914 * @return #wbcErr
915 **/
916wbcErr wbcGetpwent(struct passwd **pwd);
917
918/**
919 * @brief Reset the group iterator
920 *
921 * @return #wbcErr
922 **/
923wbcErr wbcSetgrent(void);
924
925/**
926 * @brief Close the group iterator
927 *
928 * @return #wbcErr
929 **/
930wbcErr wbcEndgrent(void);
931
932/**
933 * @brief Return the next struct group* entry from the group iterator
934 *
935 * @param **grp Pointer to resulting struct group* from the query.
936 *
937 * @return #wbcErr
938 **/
939wbcErr wbcGetgrent(struct group **grp);
940
941/**
942 * @brief Return the next struct group* entry from the group iterator
943 *
944 * This is similar to #wbcGetgrent, just that the member list is empty
945 *
946 * @param **grp Pointer to resulting struct group* from the query.
947 *
948 * @return #wbcErr
949 **/
950wbcErr wbcGetgrlist(struct group **grp);
951
952/**
953 * @brief Return the unix group array belonging to the given user
954 *
955 * @param *account The given user name
956 * @param *num_groups Number of elements returned in the groups array
957 * @param **_groups Pointer to resulting gid_t array.
958 *
959 * @return #wbcErr
960 **/
961wbcErr wbcGetGroups(const char *account,
962 uint32_t *num_groups,
963 gid_t **_groups);
964
965
966/**********************************************************
967 * Lookup Domain information
968 **********************************************************/
969
970/**
971 * @brief Lookup the current status of a trusted domain
972 *
973 * @param domain Domain to query
974 * @param *info Pointer to returned domain_info struct
975 *
976 * @return #wbcErr
977 **/
978wbcErr wbcDomainInfo(const char *domain,
979 struct wbcDomainInfo **info);
980
981/**
982 * @brief Enumerate the domain trusts known by Winbind
983 *
984 * @param **domains Pointer to the allocated domain list array
985 * @param *num_domains Pointer to number of domains returned
986 *
987 * @return #wbcErr
988 **/
989wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
990 size_t *num_domains);
991
992/* Flags for wbcLookupDomainController */
993
994#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001
995#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010
996#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020
997#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040
998#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080
999#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100
1000#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200
1001#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400
1002#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800
1003#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000
1004#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000
1005#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000
1006#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000
1007#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000
1008#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000
1009#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000
1010#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000
1011#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000
1012#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000
1013
1014/**
1015 * @brief Look up a domain controller for a domain
1016 *
1017 * @param domain Name of the domain to query for a DC
1018 * @param flags Bit flags used to control the domain location query
 * (WBC_LOOKUP_DC_*)
1019 * @param *dc_info Pointer to the returned domain controller information
1020 *
1021 * @return #wbcErr
1022 **/
1023wbcErr wbcLookupDomainController(const char *domain,
1024 uint32_t flags,
1025 struct wbcDomainControllerInfo **dc_info);
1026
1027/**
1028 * @brief Get extended domain controller information
1029 *
1030 * @param domain Name of the domain to query for a DC
1031 * @param guid Guid of the domain to query for a DC
1032 * @param site Site of the domain to query for a DC
1033 * @param flags Bit flags used to control the domain location query
1034 * @param *dc_info Pointer to the returned extended domain controller information
1035 *
1036 * @return #wbcErr
1037 **/
1038wbcErr wbcLookupDomainControllerEx(const char *domain,
1039 struct wbcGuid *guid,
1040 const char *site,
1041 uint32_t flags,
1042 struct wbcDomainControllerInfoEx **dc_info);
1043
1044/**********************************************************
1045 * Authenticate functions
1046 **********************************************************/
1047
1048/**
1049 * @brief Authenticate a username/password pair
1050 *
1051 * @param username Name of user to authenticate
1052 * @param password Clear text password of user
 *
 * The password is handed over as a cleartext C string. The prototype
 * takes it as const char *, so the caller's buffer is left as it is and
 * wiping it after the call is the caller's job.
1053 *
1054 * @return #wbcErr
1055 **/
1056wbcErr wbcAuthenticateUser(const char *username,
1057 const char *password);
1058
1059/**
1060 * @brief Authenticate with more detailed information
1061 *
1062 * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH
1063 * is not supported yet
1064 * @param info Output details on WBC_ERR_SUCCESS
1065 * @param error Output details on WBC_ERR_AUTH_ERROR
1066 *
1067 * @return #wbcErr
1068 **/
1069wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
1070 struct wbcAuthUserInfo **info,
1071 struct wbcAuthErrorInfo **error);
1072
1073/**
1074 * @brief Logon a User
1075 *
1076 * @param[in] params Pointer to a wbcLogonUserParams structure
1077 * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure
1078 * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure
1079 * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure
1080 *
1081 * @return #wbcErr
1082 **/
1083wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
1084 struct wbcLogonUserInfo **info,
1085 struct wbcAuthErrorInfo **error,
1086 struct wbcUserPasswordPolicyInfo **policy);
1087
1088/**
1089 * @brief Trigger a logoff notification to Winbind for a specific user
1090 *
1091 * @param username Name of user to remove from Winbind's list of
1092 * logged on users.
1093 * @param uid Uid assigned to the username
1094 * @param ccfilename Absolute path to the Krb5 credentials cache to
1095 * be removed
1096 *
1097 * @return #wbcErr
1098 **/
1099wbcErr wbcLogoffUser(const char *username,
1100 uid_t uid,
1101 const char *ccfilename);
1102
1103/**
1104 * @brief Trigger an extended logoff notification to Winbind for a specific user
1105 *
1106 * @param params A wbcLogoffUserParams structure
1107 * @param error User output details on error
1108 *
1109 * @return #wbcErr
1110 **/
1111wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
1112 struct wbcAuthErrorInfo **error);
1113
1114/**
1115 * @brief Change a password for a user
1116 *
1117 * @param username Name of user to authenticate
1118 * @param old_password Old clear text password of user
1119 * @param new_password New clear text password of user
1120 *
1121 * @return #wbcErr
1122 **/
1123wbcErr wbcChangeUserPassword(const char *username,
1124 const char *old_password,
1125 const char *new_password);
1126
1127/**
1128 * @brief Change a password for a user with more detailed information upon
1129 * failure
1130 *
1131 * @param params Input parameters
1132 * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED
1133 * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED
1134 * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED
1135 *
1136 * @return #wbcErr
1137 **/
1138wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params,
1139 struct wbcAuthErrorInfo **error,
1140 enum wbcPasswordChangeRejectReason *reject_reason,
1141 struct wbcUserPasswordPolicyInfo **policy);
1142
1143/**
1144 * @brief Authenticate a user with cached credentials
1145 *
1146 * @param *params Pointer to a wbcCredentialCacheParams structure
1147 * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure
1148 * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure
1149 *
1150 * @return #wbcErr
1151 **/
1152wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
1153 struct wbcCredentialCacheInfo **info,
1154 struct wbcAuthErrorInfo **error);
1155
1156/**
1157 * @brief Save a password with winbind for doing wbcCredentialCache() later
1158 *
1159 * @param *user Username
1160 * @param *password Password
1161 *
1162 * @return #wbcErr
1163 **/
1164wbcErr wbcCredentialSave(const char *user, const char *password);
1165
1166/**********************************************************
1167 * Resolve functions
1168 **********************************************************/
1169
1170/**
1171 * @brief Resolve a NetbiosName via WINS
1172 *
1173 * @param name Name to resolve
1174 * @param *ip Pointer to the ip address string
1175 *
1176 * @return #wbcErr
1177 **/
1178wbcErr wbcResolveWinsByName(const char *name, char **ip);
1179
1180/**
1181 * @brief Resolve an IP address via WINS into a NetbiosName
1182 *
1183 * @param ip The ip address string
1184 * @param *name Pointer to the name
1185 *
1186 * @return #wbcErr
1187 *
1188 **/
1189wbcErr wbcResolveWinsByIP(const char *ip, char **name);
1190
1191/**********************************************************
1192 * Trusted domain functions
1193 **********************************************************/
1194
1195/**
1196 * @brief Trigger a verification of the trust credentials of a specific domain
1197 *
1198 * @param *domain The name of the domain.
1199 * @param error Output details on WBC_ERR_AUTH_ERROR
1200 *
1201 * @return #wbcErr
1202 **/
1203wbcErr wbcCheckTrustCredentials(const char *domain,
1204 struct wbcAuthErrorInfo **error);
1205
1206/**
1207 * @brief Trigger a change of the trust credentials for a specific domain
1208 *
1209 * @param *domain The name of the domain.
1210 * @param error Output details on WBC_ERR_AUTH_ERROR
1211 *
1212 * @return #wbcErr
1213 **/
1214wbcErr wbcChangeTrustCredentials(const char *domain,
1215 struct wbcAuthErrorInfo **error);
1216
1217/**
1218 * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
1219 * version of wbcCheckTrustCredentials
1220 *
1221 * @param *domain The name of the domain. Only NULL (the default domain)
1222 * is supported so far; any value other than NULL results in
1223 * WBC_ERR_NOT_IMPLEMENTED.
1224 * @param error Output details on WBC_ERR_AUTH_ERROR
1225 *
1226 * @return #wbcErr
1227 **/
1228wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error);
1229
1230/**********************************************************
1231 * Helper functions
1232 **********************************************************/
1233
1234/**
1235 * @brief Initialize a named blob and add to list of blobs
1236 *
1237 * @param[in,out] num_blobs Pointer to the number of blobs
1238 * @param[in,out] blobs Pointer to an array of blobs
1239 * @param[in] name Name of the new named blob
1240 * @param[in] flags Flags of the new named blob
1241 * @param[in] data Blob data of new blob
1242 * @param[in] length Blob data length of new blob
 *
 * NOTE(review): data is documented as input only but declared as a
 * non-const uint8_t *. The header does not say whether the bytes are
 * copied or merely referenced, nor how the resulting array is released
 * (presumably wbcFreeMemory()) -- confirm before reusing or freeing the
 * data buffer. length must not exceed the size of the buffer at data.
1243 *
1244 * @return #wbcErr
1245 **/
1246wbcErr wbcAddNamedBlob(size_t *num_blobs,
1247 struct wbcNamedBlob **blobs,
1248 const char *name,
1249 uint32_t flags,
1250 uint8_t *data,
1251 size_t length);
1252
1253#endif /* _WBCLIENT_H */