source: trunk/server/nsswitch/libwbclient/wbclient.h

Last change on this file was 745, checked in by Silvan Scherrer, 13 years ago

Samba Server: updated trunk to 3.6.0
File size: 36.5 KB
RevLine 
[745]1/*
2 Unix SMB/CIFS implementation.
3
4 Winbind client API
5
6 Copyright (C) Gerald (Jerry) Carter 2007
7 Copyright (C) Volker Lendecke 2009
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 3 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21*/
22
23#ifndef _WBCLIENT_H
24#define _WBCLIENT_H
25
26#include <pwd.h>
27#include <grp.h>
28
29/* Define error types */
30
31/**
32 * @brief Status codes returned from wbc functions
33 **/
34
35enum _wbcErrType {
36 WBC_ERR_SUCCESS = 0, /**< Successful completion **/
37 WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
38 WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
39 WBC_ERR_NO_MEMORY, /**< Memory allocation error **/
40 WBC_ERR_INVALID_SID, /**< Invalid SID format **/
41 WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/
42 WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/
43 WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/
44 WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/
45 WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/
46 WBC_ERR_AUTH_ERROR, /**< Authentication failed **/
47 WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */
48 WBC_ERR_UNKNOWN_GROUP, /**< Group account cannot be found */
49 WBC_ERR_PWD_CHANGE_FAILED /**< Password Change has failed */
50};
51
52typedef enum _wbcErrType wbcErr;
53
54#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
55
56const char *wbcErrorString(wbcErr error);
57
58/**
59 * @brief Some useful details about the wbclient library
60 *
61 * 0.1: Initial version
62 * 0.2: Added wbcRemoveUidMapping()
63 * Added wbcRemoveGidMapping()
64 * 0.3: Added wbcGetpwsid()
65 * Added wbcGetSidAliases()
66 * 0.4: Added wbcSidTypeString()
67 * 0.5: Added wbcChangeTrustCredentials()
68 * 0.6: Made struct wbcInterfaceDetails char* members non-const
69 * 0.7: Added wbcSidToStringBuf()
70 * 0.8: Added wbcSidsToUnixIds() and wbcLookupSids()
71 **/
72#define WBCLIENT_MAJOR_VERSION 0
73#define WBCLIENT_MINOR_VERSION 8
74#define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
75struct wbcLibraryDetails {
76 uint16_t major_version;
77 uint16_t minor_version;
78 const char *vendor_version;
79};
80
81/**
82 * @brief Some useful details about the running winbindd
83 *
84 **/
85struct wbcInterfaceDetails {
86 uint32_t interface_version;
87 char *winbind_version;
88 char winbind_separator;
89 char *netbios_name;
90 char *netbios_domain;
91 char *dns_domain;
92};
93
94/*
95 * Data types used by the Winbind Client API
96 */
97
98#ifndef WBC_MAXSUBAUTHS
99#define WBC_MAXSUBAUTHS 15 /* max sub authorities in a SID */
100#endif
101
102/**
103 * @brief Windows Security Identifier
104 *
105 **/
106
107struct wbcDomainSid {
108 uint8_t sid_rev_num;
109 uint8_t num_auths;
110 uint8_t id_auth[6];
111 uint32_t sub_auths[WBC_MAXSUBAUTHS];
112};
113
114/**
115 * @brief Security Identifier type
116 **/
117
118enum wbcSidType {
119 WBC_SID_NAME_USE_NONE=0,
120 WBC_SID_NAME_USER=1,
121 WBC_SID_NAME_DOM_GRP=2,
122 WBC_SID_NAME_DOMAIN=3,
123 WBC_SID_NAME_ALIAS=4,
124 WBC_SID_NAME_WKN_GRP=5,
125 WBC_SID_NAME_DELETED=6,
126 WBC_SID_NAME_INVALID=7,
127 WBC_SID_NAME_UNKNOWN=8,
128 WBC_SID_NAME_COMPUTER=9
129};
130
131/**
132 * @brief Security Identifier with attributes
133 **/
134
135struct wbcSidWithAttr {
136 struct wbcDomainSid sid;
137 uint32_t attributes;
138};
139
140/* wbcSidWithAttr->attributes */
141
142#define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001
143#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002
144#define WBC_SID_ATTR_GROUP_ENABLED 0x00000004
145#define WBC_SID_ATTR_GROUP_OWNER 0x00000008
146#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010
147#define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000
148#define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000
149
150/**
151 * @brief Windows GUID
152 *
153 **/
154
155struct wbcGuid {
156 uint32_t time_low;
157 uint16_t time_mid;
158 uint16_t time_hi_and_version;
159 uint8_t clock_seq[2];
160 uint8_t node[6];
161};
162
163/**
164 * @brief Domain Information
165 **/
166
167struct wbcDomainInfo {
168 char *short_name;
169 char *dns_name;
170 struct wbcDomainSid sid;
171 uint32_t domain_flags;
172 uint32_t trust_flags;
173 uint32_t trust_type;
174};
175
176/* wbcDomainInfo->domain_flags */
177
178#define WBC_DOMINFO_DOMAIN_UNKNOWN 0x00000000
179#define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001
180#define WBC_DOMINFO_DOMAIN_AD 0x00000002
181#define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004
182#define WBC_DOMINFO_DOMAIN_OFFLINE 0x00000008
183
184/* wbcDomainInfo->trust_flags */
185
186#define WBC_DOMINFO_TRUST_TRANSITIVE 0x00000001
187#define WBC_DOMINFO_TRUST_INCOMING 0x00000002
188#define WBC_DOMINFO_TRUST_OUTGOING 0x00000004
189
190/* wbcDomainInfo->trust_type */
191
192#define WBC_DOMINFO_TRUSTTYPE_NONE 0x00000000
193#define WBC_DOMINFO_TRUSTTYPE_FOREST 0x00000001
194#define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002
195#define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003
196
197/**
198 * @brief Auth User Parameters
199 **/
200
201struct wbcAuthUserParams {
202 const char *account_name;
203 const char *domain_name;
204 const char *workstation_name;
205
206 uint32_t flags;
207
208 uint32_t parameter_control;
209
210 enum wbcAuthUserLevel {
211 WBC_AUTH_USER_LEVEL_PLAIN = 1,
212 WBC_AUTH_USER_LEVEL_HASH = 2,
213 WBC_AUTH_USER_LEVEL_RESPONSE = 3
214 } level;
215 union {
216 const char *plaintext;
217 struct {
218 uint8_t nt_hash[16];
219 uint8_t lm_hash[16];
220 } hash;
221 struct {
222 uint8_t challenge[8];
223 uint32_t nt_length;
224 uint8_t *nt_data;
225 uint32_t lm_length;
226 uint8_t *lm_data;
227 } response;
228 } password;
229};
230
231/**
232 * @brief Generic Blob
233 **/
234
235struct wbcBlob {
236 uint8_t *data;
237 size_t length;
238};
239
240/**
241 * @brief Named Blob
242 **/
243
244struct wbcNamedBlob {
245 const char *name;
246 uint32_t flags;
247 struct wbcBlob blob;
248};
249
250/**
251 * @brief Logon User Parameters
252 **/
253
254struct wbcLogonUserParams {
255 const char *username;
256 const char *password;
257 size_t num_blobs;
258 struct wbcNamedBlob *blobs;
259};
260
261/**
262 * @brief ChangePassword Parameters
263 **/
264
265struct wbcChangePasswordParams {
266 const char *account_name;
267 const char *domain_name;
268
269 uint32_t flags;
270
271 enum wbcChangePasswordLevel {
272 WBC_CHANGE_PASSWORD_LEVEL_PLAIN = 1,
273 WBC_CHANGE_PASSWORD_LEVEL_RESPONSE = 2
274 } level;
275
276 union {
277 const char *plaintext;
278 struct {
279 uint32_t old_nt_hash_enc_length;
280 uint8_t *old_nt_hash_enc_data;
281 uint32_t old_lm_hash_enc_length;
282 uint8_t *old_lm_hash_enc_data;
283 } response;
284 } old_password;
285 union {
286 const char *plaintext;
287 struct {
288 uint32_t nt_length;
289 uint8_t *nt_data;
290 uint32_t lm_length;
291 uint8_t *lm_data;
292 } response;
293 } new_password;
294};
295
296/* wbcAuthUserParams->parameter_control */
297
298#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002
299#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004
300#define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008
301#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020
302#define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200
303#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800
304
305/* wbcAuthUserParams->flags */
306
307#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001
308
309/**
310 * @brief Auth User Information
311 *
312 * Some of the strings are maybe NULL
313 **/
314
315struct wbcAuthUserInfo {
316 uint32_t user_flags;
317
318 char *account_name;
319 char *user_principal;
320 char *full_name;
321 char *domain_name;
322 char *dns_domain_name;
323
324 uint32_t acct_flags;
325 uint8_t user_session_key[16];
326 uint8_t lm_session_key[8];
327
328 uint16_t logon_count;
329 uint16_t bad_password_count;
330
331 uint64_t logon_time;
332 uint64_t logoff_time;
333 uint64_t kickoff_time;
334 uint64_t pass_last_set_time;
335 uint64_t pass_can_change_time;
336 uint64_t pass_must_change_time;
337
338 char *logon_server;
339 char *logon_script;
340 char *profile_path;
341 char *home_directory;
342 char *home_drive;
343
344 /*
345 * the 1st one is the account sid
346 * the 2nd one is the primary_group sid
347 * followed by the rest of the groups
348 */
349 uint32_t num_sids;
350 struct wbcSidWithAttr *sids;
351};
352
353/**
354 * @brief Logon User Information
355 *
356 * Some of the strings are maybe NULL
357 **/
358
359struct wbcLogonUserInfo {
360 struct wbcAuthUserInfo *info;
361 size_t num_blobs;
362 struct wbcNamedBlob *blobs;
363};
364
365/* wbcAuthUserInfo->user_flags */
366
367#define WBC_AUTH_USER_INFO_GUEST 0x00000001
368#define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002
369#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004
370#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008
371#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020
372#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040
373#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080
374#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100
375#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200
376#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400
377#define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000
378
379/* wbcAuthUserInfo->acct_flags */
380
381#define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */
382#define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */
383#define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */
384#define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */
385#define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */
386#define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */
387#define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */
388#define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */
389#define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */
390#define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */
391#define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */
392#define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encryped text password is allowed */
393#define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */
394#define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */
395#define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */
396#define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */
397#define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */
398#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */
399#define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */
400
401struct wbcAuthErrorInfo {
402 uint32_t nt_status;
403 char *nt_string;
404 int32_t pam_error;
405 char *display_string;
406};
407
408/**
409 * @brief User Password Policy Information
410 **/
411
412/* wbcUserPasswordPolicyInfo->password_properties */
413
414#define WBC_DOMAIN_PASSWORD_COMPLEX 0x00000001
415#define WBC_DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002
416#define WBC_DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004
417#define WBC_DOMAIN_PASSWORD_LOCKOUT_ADMINS 0x00000008
418#define WBC_DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010
419#define WBC_DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020
420
421struct wbcUserPasswordPolicyInfo {
422 uint32_t min_length_password;
423 uint32_t password_history;
424 uint32_t password_properties;
425 uint64_t expire;
426 uint64_t min_passwordage;
427};
428
429/**
430 * @brief Change Password Reject Reason
431 **/
432
433enum wbcPasswordChangeRejectReason {
434 WBC_PWD_CHANGE_NO_ERROR=0,
435 WBC_PWD_CHANGE_PASSWORD_TOO_SHORT=1,
436 WBC_PWD_CHANGE_PWD_IN_HISTORY=2,
437 WBC_PWD_CHANGE_USERNAME_IN_PASSWORD=3,
438 WBC_PWD_CHANGE_FULLNAME_IN_PASSWORD=4,
439 WBC_PWD_CHANGE_NOT_COMPLEX=5,
440 WBC_PWD_CHANGE_MACHINE_NOT_DEFAULT=6,
441 WBC_PWD_CHANGE_FAILED_BY_FILTER=7,
442 WBC_PWD_CHANGE_PASSWORD_TOO_LONG=8
443};
444
445/* Note: this defines exist for compatibility reasons with existing code */
446#define WBC_PWD_CHANGE_REJECT_OTHER WBC_PWD_CHANGE_NO_ERROR
447#define WBC_PWD_CHANGE_REJECT_TOO_SHORT WBC_PWD_CHANGE_PASSWORD_TOO_SHORT
448#define WBC_PWD_CHANGE_REJECT_IN_HISTORY WBC_PWD_CHANGE_PWD_IN_HISTORY
449#define WBC_PWD_CHANGE_REJECT_COMPLEXITY WBC_PWD_CHANGE_NOT_COMPLEX
450
451/**
452 * @brief Logoff User Parameters
453 **/
454
455struct wbcLogoffUserParams {
456 const char *username;
457 size_t num_blobs;
458 struct wbcNamedBlob *blobs;
459};
460
461/** @brief Credential cache log-on parameters
462 *
463 */
464
465struct wbcCredentialCacheParams {
466 const char *account_name;
467 const char *domain_name;
468 enum wbcCredentialCacheLevel {
469 WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1
470 } level;
471 size_t num_blobs;
472 struct wbcNamedBlob *blobs;
473};
474
475
476/** @brief Info returned by credential cache auth
477 *
478 */
479
480struct wbcCredentialCacheInfo {
481 size_t num_blobs;
482 struct wbcNamedBlob *blobs;
483};
484
485/*
486 * DomainControllerInfo struct
487 */
488struct wbcDomainControllerInfo {
489 char *dc_name;
490};
491
492/*
493 * DomainControllerInfoEx struct
494 */
495struct wbcDomainControllerInfoEx {
496 const char *dc_unc;
497 const char *dc_address;
498 uint16_t dc_address_type;
499 struct wbcGuid *domain_guid;
500 const char *domain_name;
501 const char *forest_name;
502 uint32_t dc_flags;
503 const char *dc_site_name;
504 const char *client_site_name;
505};
506
507/**********************************************************
508 * Memory Management
509 **********************************************************/
510
511/**
512 * @brief Free library allocated memory
513 *
514 * @param * Pointer to free
515 *
516 * @return void
517 **/
518void wbcFreeMemory(void*);
519
520
521/*
522 * Utility functions for dealing with SIDs
523 */
524
525/**
526 * @brief Get a string representation of the SID type
527 *
528 * @param type type of the SID
529 *
530 * @return string representation of the SID type
531 */
532const char* wbcSidTypeString(enum wbcSidType type);
533
534#define WBC_SID_STRING_BUFLEN (15*11+25)
535
536/*
537 * @brief Print a sid into a buffer
538 *
539 * @param sid Binary Security Identifier
540 * @param buf Target buffer
541 * @param buflen Target buffer length
542 *
543 * @return Resulting string length.
544 */
545int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen);
546
547/**
548 * @brief Convert a binary SID to a character string
549 *
550 * @param sid Binary Security Identifier
551 * @param **sid_string Resulting character string
552 *
553 * @return #wbcErr
554 **/
555wbcErr wbcSidToString(const struct wbcDomainSid *sid,
556 char **sid_string);
557
558/**
559 * @brief Convert a character string to a binary SID
560 *
561 * @param *sid_string Character string in the form of S-...
562 * @param sid Resulting binary SID
563 *
564 * @return #wbcErr
565 **/
566wbcErr wbcStringToSid(const char *sid_string,
567 struct wbcDomainSid *sid);
568
569/*
570 * Utility functions for dealing with GUIDs
571 */
572
573/**
574 * @brief Convert a binary GUID to a character string
575 *
576 * @param guid Binary Guid
577 * @param **guid_string Resulting character string
578 *
579 * @return #wbcErr
580 **/
581wbcErr wbcGuidToString(const struct wbcGuid *guid,
582 char **guid_string);
583
584/**
585 * @brief Convert a character string to a binary GUID
586 *
587 * @param *guid_string Character string
588 * @param guid Resulting binary GUID
589 *
590 * @return #wbcErr
591 **/
592wbcErr wbcStringToGuid(const char *guid_string,
593 struct wbcGuid *guid);
594
595/**
596 * @brief Ping winbindd to see if the daemon is running
597 *
598 * @return #wbcErr
599 **/
600wbcErr wbcPing(void);
601
602wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details);
603
604wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details);
605
606/**********************************************************
607 * Name/SID conversion
608 **********************************************************/
609
610/**
611 * @brief Convert a domain and name to SID
612 *
613 * @param dom_name Domain name (possibly "")
614 * @param name User or group name
615 * @param *sid Pointer to the resolved domain SID
616 * @param *name_type Pointer to the SID type
617 *
618 * @return #wbcErr
619 **/
620wbcErr wbcLookupName(const char *dom_name,
621 const char *name,
622 struct wbcDomainSid *sid,
623 enum wbcSidType *name_type);
624
625/**
626 * @brief Convert a SID to a domain and name
627 *
628 * @param *sid Pointer to the domain SID to be resolved
629 * @param domain Resolved Domain name (possibly "")
630 * @param name Resolved User or group name
631 * @param *name_type Pointer to the resolved SID type
632 *
633 * @return #wbcErr
634 **/
635wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
636 char **domain,
637 char **name,
638 enum wbcSidType *name_type);
639
640struct wbcTranslatedName {
641 enum wbcSidType type;
642 char *name;
643 int domain_index;
644};
645
646wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
647 struct wbcDomainInfo **domains, int *num_domains,
648 struct wbcTranslatedName **names);
649
650/**
651 * @brief Translate a collection of RIDs within a domain to names
652 */
653wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
654 int num_rids,
655 uint32_t *rids,
656 const char **domain_name,
657 const char ***names,
658 enum wbcSidType **types);
659
660/*
661 * @brief Get the groups a user belongs to
662 **/
663wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
664 bool domain_groups_only,
665 uint32_t *num_sids,
666 struct wbcDomainSid **sids);
667
668/*
669 * @brief Get alias membership for sids
670 **/
671wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
672 struct wbcDomainSid *sids,
673 uint32_t num_sids,
674 uint32_t **alias_rids,
675 uint32_t *num_alias_rids);
676
677/**
678 * @brief Lists Users
679 **/
680wbcErr wbcListUsers(const char *domain_name,
681 uint32_t *num_users,
682 const char ***users);
683
684/**
685 * @brief Lists Groups
686 **/
687wbcErr wbcListGroups(const char *domain_name,
688 uint32_t *num_groups,
689 const char ***groups);
690
691wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
692 char **pdomain,
693 char **pfullname,
694 enum wbcSidType *pname_type);
695
696/**********************************************************
697 * SID/uid/gid Mappings
698 **********************************************************/
699
700/**
701 * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed
702 *
703 * @param *sid Pointer to the domain SID to be resolved
704 * @param *puid Pointer to the resolved uid_t value
705 *
706 * @return #wbcErr
707 *
708 **/
709wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
710 uid_t *puid);
711
712/**
713 * @brief Convert a Windows SID to a Unix uid if there already is a mapping
714 *
715 * @param *sid Pointer to the domain SID to be resolved
716 * @param *puid Pointer to the resolved uid_t value
717 *
718 * @return #wbcErr
719 *
720 **/
721wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid,
722 uid_t *puid);
723
724/**
725 * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed
726 *
727 * @param uid Unix uid to be resolved
728 * @param *sid Pointer to the resolved domain SID
729 *
730 * @return #wbcErr
731 *
732 **/
733wbcErr wbcUidToSid(uid_t uid,
734 struct wbcDomainSid *sid);
735
736/**
737 * @brief Convert a Unix uid to a Windows SID if there already is a mapping
738 *
739 * @param uid Unix uid to be resolved
740 * @param *sid Pointer to the resolved domain SID
741 *
742 * @return #wbcErr
743 *
744 **/
745wbcErr wbcQueryUidToSid(uid_t uid,
746 struct wbcDomainSid *sid);
747
748/**
749 * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed
750 *
751 * @param *sid Pointer to the domain SID to be resolved
752 * @param *pgid Pointer to the resolved gid_t value
753 *
754 * @return #wbcErr
755 *
756 **/
757wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
758 gid_t *pgid);
759
760/**
761 * @brief Convert a Windows SID to a Unix gid if there already is a mapping
762 *
763 * @param *sid Pointer to the domain SID to be resolved
764 * @param *pgid Pointer to the resolved gid_t value
765 *
766 * @return #wbcErr
767 *
768 **/
769wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid,
770 gid_t *pgid);
771
772/**
773 * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed
774 *
775 * @param gid Unix gid to be resolved
776 * @param *sid Pointer to the resolved domain SID
777 *
778 * @return #wbcErr
779 *
780 **/
781wbcErr wbcGidToSid(gid_t gid,
782 struct wbcDomainSid *sid);
783
784/**
785 * @brief Convert a Unix gid to a Windows SID if there already is a mapping
786 *
787 * @param gid Unix gid to be resolved
788 * @param *sid Pointer to the resolved domain SID
789 *
790 * @return #wbcErr
791 *
792 **/
793wbcErr wbcQueryGidToSid(gid_t gid,
794 struct wbcDomainSid *sid);
795
796enum wbcIdType {
797 WBC_ID_TYPE_NOT_SPECIFIED,
798 WBC_ID_TYPE_UID,
799 WBC_ID_TYPE_GID
800};
801
802union wbcUnixIdContainer {
803 uid_t uid;
804 gid_t gid;
805};
806
807struct wbcUnixId {
808 enum wbcIdType type;
809 union wbcUnixIdContainer id;
810};
811
812/**
813 * @brief Convert a list of sids to unix ids
814 *
815 * @param sids Pointer to an array of SIDs to convert
816 * @param num_sids Number of SIDs
817 * @param ids Preallocated output array for translated IDs
818 *
819 * @return #wbcErr
820 *
821 **/
822wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids,
823 struct wbcUnixId *ids);
824
825/**
826 * @brief Obtain a new uid from Winbind
827 *
828 * @param *puid *pointer to the allocated uid
829 *
830 * @return #wbcErr
831 **/
832wbcErr wbcAllocateUid(uid_t *puid);
833
834/**
835 * @brief Obtain a new gid from Winbind
836 *
837 * @param *pgid Pointer to the allocated gid
838 *
839 * @return #wbcErr
840 **/
841wbcErr wbcAllocateGid(gid_t *pgid);
842
843/**
844 * @brief Set an user id mapping
845 *
846 * @param uid Uid of the desired mapping.
847 * @param *sid Pointer to the sid of the diresired mapping.
848 *
849 * @return #wbcErr
850 *
851 * @deprecated This method is not impemented any more and should
852 * be removed in the next major version change.
853 **/
854wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid);
855
856/**
857 * @brief Set a group id mapping
858 *
859 * @param gid Gid of the desired mapping.
860 * @param *sid Pointer to the sid of the diresired mapping.
861 *
862 * @return #wbcErr
863 *
864 * @deprecated This method is not impemented any more and should
865 * be removed in the next major version change.
866 **/
867wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid);
868
869/**
870 * @brief Remove a user id mapping
871 *
872 * @param uid Uid of the mapping to remove.
873 * @param *sid Pointer to the sid of the mapping to remove.
874 *
875 * @return #wbcErr
876 *
877 * @deprecated This method is not impemented any more and should
878 * be removed in the next major version change.
879 **/
880wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid);
881
882/**
883 * @brief Remove a group id mapping
884 *
885 * @param gid Gid of the mapping to remove.
886 * @param *sid Pointer to the sid of the mapping to remove.
887 *
888 * @return #wbcErr
889 *
890 * @deprecated This method is not impemented any more and should
891 * be removed in the next major version change.
892 **/
893wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid);
894
895/**
896 * @brief Set the highwater mark for allocated uids.
897 *
898 * @param uid_hwm The new uid highwater mark value
899 *
900 * @return #wbcErr
901 *
902 * @deprecated This method is not impemented any more and should
903 * be removed in the next major version change.
904 **/
905wbcErr wbcSetUidHwm(uid_t uid_hwm);
906
907/**
908 * @brief Set the highwater mark for allocated gids.
909 *
910 * @param gid_hwm The new gid highwater mark value
911 *
912 * @return #wbcErr
913 *
914 * @deprecated This method is not impemented any more and should
915 * be removed in the next major version change.
916 **/
917wbcErr wbcSetGidHwm(gid_t gid_hwm);
918
919/**********************************************************
920 * NSS Lookup User/Group details
921 **********************************************************/
922
923/**
924 * @brief Fill in a struct passwd* for a domain user based
925 * on username
926 *
927 * @param *name Username to lookup
928 * @param **pwd Pointer to resulting struct passwd* from the query.
929 *
930 * @return #wbcErr
931 **/
932wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);
933
934/**
935 * @brief Fill in a struct passwd* for a domain user based
936 * on uid
937 *
938 * @param uid Uid to lookup
939 * @param **pwd Pointer to resulting struct passwd* from the query.
940 *
941 * @return #wbcErr
942 **/
943wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
944
945/**
946 * @brief Fill in a struct passwd* for a domain user based
947 * on sid
948 *
949 * @param sid Sid to lookup
950 * @param **pwd Pointer to resulting struct passwd* from the query.
951 *
952 * @return #wbcErr
953 **/
954wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd);
955
956/**
957 * @brief Fill in a struct passwd* for a domain user based
958 * on username
959 *
960 * @param *name Username to lookup
961 * @param **grp Pointer to resulting struct group* from the query.
962 *
963 * @return #wbcErr
964 **/
965wbcErr wbcGetgrnam(const char *name, struct group **grp);
966
967/**
968 * @brief Fill in a struct passwd* for a domain user based
969 * on uid
970 *
971 * @param gid Uid to lookup
972 * @param **grp Pointer to resulting struct group* from the query.
973 *
974 * @return #wbcErr
975 **/
976wbcErr wbcGetgrgid(gid_t gid, struct group **grp);
977
978/**
979 * @brief Reset the passwd iterator
980 *
981 * @return #wbcErr
982 **/
983wbcErr wbcSetpwent(void);
984
985/**
986 * @brief Close the passwd iterator
987 *
988 * @return #wbcErr
989 **/
990wbcErr wbcEndpwent(void);
991
992/**
993 * @brief Return the next struct passwd* entry from the pwent iterator
994 *
995 * @param **pwd Pointer to resulting struct passwd* from the query.
996 *
997 * @return #wbcErr
998 **/
999wbcErr wbcGetpwent(struct passwd **pwd);
1000
1001/**
1002 * @brief Reset the group iterator
1003 *
1004 * @return #wbcErr
1005 **/
1006wbcErr wbcSetgrent(void);
1007
1008/**
1009 * @brief Close the group iterator
1010 *
1011 * @return #wbcErr
1012 **/
1013wbcErr wbcEndgrent(void);
1014
1015/**
1016 * @brief Return the next struct group* entry from the pwent iterator
1017 *
1018 * @param **grp Pointer to resulting struct group* from the query.
1019 *
1020 * @return #wbcErr
1021 **/
1022wbcErr wbcGetgrent(struct group **grp);
1023
1024/**
1025 * @brief Return the next struct group* entry from the pwent iterator
1026 *
1027 * This is similar to #wbcGetgrent, just that the member list is empty
1028 *
1029 * @param **grp Pointer to resulting struct group* from the query.
1030 *
1031 * @return #wbcErr
1032 **/
1033wbcErr wbcGetgrlist(struct group **grp);
1034
1035/**
1036 * @brief Return the unix group array belonging to the given user
1037 *
1038 * @param *account The given user name
1039 * @param *num_groups Number of elements returned in the groups array
1040 * @param **_groups Pointer to resulting gid_t array.
1041 *
1042 * @return #wbcErr
1043 **/
1044wbcErr wbcGetGroups(const char *account,
1045 uint32_t *num_groups,
1046 gid_t **_groups);
1047
1048
1049/**********************************************************
1050 * Lookup Domain information
1051 **********************************************************/
1052
1053/**
1054 * @brief Lookup the current status of a trusted domain
1055 *
1056 * @param domain The domain to query
1057 *
1058 * @param dinfo A pointer to store the returned domain_info struct.
1059 *
1060 * @return #wbcErr
1061 **/
1062wbcErr wbcDomainInfo(const char *domain,
1063 struct wbcDomainInfo **dinfo);
1064
1065/**
1066 * @brief Lookup the currently contacted DCs
1067 *
1068 * @param domain The domain to query
1069 *
1070 * @param num_dcs Number of DCs currently known
1071 * @param dc_names Names of the currently known DCs
1072 * @param dc_ips IP addresses of the currently known DCs
1073 *
1074 * @return #wbcErr
1075 **/
1076wbcErr wbcDcInfo(const char *domain, size_t *num_dcs,
1077 const char ***dc_names, const char ***dc_ips);
1078
1079/**
1080 * @brief Enumerate the domain trusts known by Winbind
1081 *
1082 * @param **domains Pointer to the allocated domain list array
1083 * @param *num_domains Pointer to number of domains returned
1084 *
1085 * @return #wbcErr
1086 **/
1087wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
1088 size_t *num_domains);
1089
1090/* Flags for wbcLookupDomainController */
1091
1092#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001
1093#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010
1094#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020
1095#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040
1096#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080
1097#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100
1098#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200
1099#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400
1100#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800
1101#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000
1102#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000
1103#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000
1104#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000
1105#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000
1106#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000
1107#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000
1108#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000
1109#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000
1110#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000
1111
1112/**
1113 * @brief Enumerate the domain trusts known by Winbind
1114 *
1115 * @param domain Name of the domain to query for a DC
1116 * @param flags Bit flags used to control the domain location query
1117 * @param *dc_info Pointer to the returned domain controller information
1118 *
1119 * @return #wbcErr
1120 **/
1121wbcErr wbcLookupDomainController(const char *domain,
1122 uint32_t flags,
1123 struct wbcDomainControllerInfo **dc_info);
1124
1125/**
1126 * @brief Get extended domain controller information
1127 *
1128 * @param domain Name of the domain to query for a DC
1129 * @param guid Guid of the domain to query for a DC
1130 * @param site Site of the domain to query for a DC
1131 * @param flags Bit flags used to control the domain location query
1132 * @param *dc_info Pointer to the returned extended domain controller information
1133 *
1134 * @return #wbcErr
1135 **/
1136wbcErr wbcLookupDomainControllerEx(const char *domain,
1137 struct wbcGuid *guid,
1138 const char *site,
1139 uint32_t flags,
1140 struct wbcDomainControllerInfoEx **dc_info);
1141
1142/**********************************************************
1143 * Athenticate functions
1144 **********************************************************/
1145
1146/**
1147 * @brief Authenticate a username/password pair
1148 *
1149 * @param username Name of user to authenticate
1150 * @param password Clear text password os user
1151 *
1152 * @return #wbcErr
1153 **/
1154wbcErr wbcAuthenticateUser(const char *username,
1155 const char *password);
1156
1157/**
1158 * @brief Authenticate with more detailed information
1159 *
1160 * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH
1161 * is not supported yet
1162 * @param info Output details on WBC_ERR_SUCCESS
1163 * @param error Output details on WBC_ERR_AUTH_ERROR
1164 *
1165 * @return #wbcErr
1166 **/
1167wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
1168 struct wbcAuthUserInfo **info,
1169 struct wbcAuthErrorInfo **error);
1170
1171/**
1172 * @brief Logon a User
1173 *
1174 * @param[in] params Pointer to a wbcLogonUserParams structure
1175 * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure
1176 * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure
1177 * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure
1178 *
1179 * @return #wbcErr
1180 **/
1181wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
1182 struct wbcLogonUserInfo **info,
1183 struct wbcAuthErrorInfo **error,
1184 struct wbcUserPasswordPolicyInfo **policy);
1185
1186/**
1187 * @brief Trigger a logoff notification to Winbind for a specific user
1188 *
1189 * @param username Name of user to remove from Winbind's list of
1190 * logged on users.
1191 * @param uid Uid assigned to the username
1192 * @param ccfilename Absolute path to the Krb5 credentials cache to
1193 * be removed
1194 *
1195 * @return #wbcErr
1196 **/
1197wbcErr wbcLogoffUser(const char *username,
1198 uid_t uid,
1199 const char *ccfilename);
1200
1201/**
1202 * @brief Trigger an extended logoff notification to Winbind for a specific user
1203 *
1204 * @param params A wbcLogoffUserParams structure
1205 * @param error User output details on error
1206 *
1207 * @return #wbcErr
1208 **/
1209wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
1210 struct wbcAuthErrorInfo **error);
1211
1212/**
1213 * @brief Change a password for a user
1214 *
1215 * @param username Name of user to authenticate
1216 * @param old_password Old clear text password of user
1217 * @param new_password New clear text password of user
1218 *
1219 * @return #wbcErr
1220 **/
1221wbcErr wbcChangeUserPassword(const char *username,
1222 const char *old_password,
1223 const char *new_password);
1224
1225/**
1226 * @brief Change a password for a user with more detailed information upon
1227 * failure
1228 *
1229 * @param params Input parameters
1230 * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED
1231 * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED
1232 * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED
1233 *
1234 * @return #wbcErr
1235 **/
1236wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params,
1237 struct wbcAuthErrorInfo **error,
1238 enum wbcPasswordChangeRejectReason *reject_reason,
1239 struct wbcUserPasswordPolicyInfo **policy);
1240
1241/**
1242 * @brief Authenticate a user with cached credentials
1243 *
1244 * @param *params Pointer to a wbcCredentialCacheParams structure
1245 * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure
1246 * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure
1247 *
1248 * @return #wbcErr
1249 **/
1250wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
1251 struct wbcCredentialCacheInfo **info,
1252 struct wbcAuthErrorInfo **error);
1253
1254/**
1255 * @brief Save a password with winbind for doing wbcCredentialCache() later
1256 *
1257 * @param *user Username
1258 * @param *password Password
1259 *
1260 * @return #wbcErr
1261 **/
1262wbcErr wbcCredentialSave(const char *user, const char *password);
1263
1264/**********************************************************
1265 * Resolve functions
1266 **********************************************************/
1267
1268/**
1269 * @brief Resolve a NetbiosName via WINS
1270 *
1271 * @param name Name to resolve
1272 * @param *ip Pointer to the ip address string
1273 *
1274 * @return #wbcErr
1275 **/
1276wbcErr wbcResolveWinsByName(const char *name, char **ip);
1277
1278/**
1279 * @brief Resolve an IP address via WINS into a NetbiosName
1280 *
1281 * @param ip The ip address string
1282 * @param *name Pointer to the name
1283 *
1284 * @return #wbcErr
1285 *
1286 **/
1287wbcErr wbcResolveWinsByIP(const char *ip, char **name);
1288
1289/**********************************************************
1290 * Trusted domain functions
1291 **********************************************************/
1292
1293/**
1294 * @brief Trigger a verification of the trust credentials of a specific domain
1295 *
1296 * @param *domain The name of the domain.
1297 * @param error Output details on WBC_ERR_AUTH_ERROR
1298 *
1299 * @return #wbcErr
1300 **/
1301wbcErr wbcCheckTrustCredentials(const char *domain,
1302 struct wbcAuthErrorInfo **error);
1303
1304/**
1305 * @brief Trigger a change of the trust credentials for a specific domain
1306 *
1307 * @param *domain The name of the domain.
1308 * @param error Output details on WBC_ERR_AUTH_ERROR
1309 *
1310 * @return #wbcErr
1311 **/
1312wbcErr wbcChangeTrustCredentials(const char *domain,
1313 struct wbcAuthErrorInfo **error);
1314
1315/**
1316 * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
1317 * version of wbcCheckTrustCredentials
1318 *
1319 * @param *domain The name of the domain, only NULL for the default domain is
1320 * supported yet. Other values than NULL will result in
1321 * WBC_ERR_NOT_IMPLEMENTED.
1322 * @param error Output details on WBC_ERR_AUTH_ERROR
1323 *
1324 * @return #wbcErr
1325 **/
1326wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error);
1327
1328/**********************************************************
1329 * Helper functions
1330 **********************************************************/
1331
1332/**
1333 * @brief Initialize a named blob and add to list of blobs
1334 *
1335 * @param[in,out] num_blobs Pointer to the number of blobs
1336 * @param[in,out] blobs Pointer to an array of blobs
1337 * @param[in] name Name of the new named blob
1338 * @param[in] flags Flags of the new named blob
1339 * @param[in] data Blob data of new blob
1340 * @param[in] length Blob data length of new blob
1341 *
1342 * @return #wbcErr
1343 **/
1344wbcErr wbcAddNamedBlob(size_t *num_blobs,
1345 struct wbcNamedBlob **blobs,
1346 const char *name,
1347 uint32_t flags,
1348 uint8_t *data,
1349 size_t length);
1350
1351#endif /* _WBCLIENT_H */
Note: See TracBrowser for help on using the repository browser.