Context Navigation

wbclient.h@ 752

Visit:

Last change on this file since 752 was 745, checked in by Silvan Scherrer, 13 years ago
Samba Server: updated trunk to 3.6.0
File size: 36.5 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3
4	Winbind client API
5
6	Copyright (C) Gerald (Jerry) Carter 2007
7	Copyright (C) Volker Lendecke 2009
8
9	This library is free software; you can redistribute it and/or
10	modify it under the terms of the GNU Lesser General Public
11	License as published by the Free Software Foundation; either
12	version 3 of the License, or (at your option) any later version.
13
14	This library is distributed in the hope that it will be useful,
15	but WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17	Library General Public License for more details.
18
19	You should have received a copy of the GNU Lesser General Public License
20	along with this program. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	#ifndef _WBCLIENT_H
24	#define _WBCLIENT_H
25
26	#include <pwd.h>
27	#include <grp.h>
28
29	/* Define error types */
30
31	/**
32	* @brief Status codes returned from wbc functions
33	**/
34
35	enum _wbcErrType {
36	WBC_ERR_SUCCESS = 0, /< Successful completion /
37	WBC_ERR_NOT_IMPLEMENTED,/< Function not implemented /
38	WBC_ERR_UNKNOWN_FAILURE,/< General failure /
39	WBC_ERR_NO_MEMORY, /< Memory allocation error /
40	WBC_ERR_INVALID_SID, /< Invalid SID format /
41	WBC_ERR_INVALID_PARAM, /< An Invalid parameter was supplied /
42	WBC_ERR_WINBIND_NOT_AVAILABLE, /< Winbind daemon is not available /
43	WBC_ERR_DOMAIN_NOT_FOUND, /< Domain is not trusted or cannot be found /
44	WBC_ERR_INVALID_RESPONSE, /< Winbind returned an invalid response /
45	WBC_ERR_NSS_ERROR, /< NSS_STATUS error /
46	WBC_ERR_AUTH_ERROR, /< Authentication failed /
47	WBC_ERR_UNKNOWN_USER, /*< User account cannot be found /
48	WBC_ERR_UNKNOWN_GROUP, /*< Group account cannot be found /
49	WBC_ERR_PWD_CHANGE_FAILED /*< Password Change has failed /
50	};
51
52	typedef enum _wbcErrType wbcErr;
53
54	#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
55
56	const char *wbcErrorString(wbcErr error);
57
58	/**
59	* @brief Some useful details about the wbclient library
60	*
61	* 0.1: Initial version
62	* 0.2: Added wbcRemoveUidMapping()
63	* Added wbcRemoveGidMapping()
64	* 0.3: Added wbcGetpwsid()
65	* Added wbcGetSidAliases()
66	* 0.4: Added wbcSidTypeString()
67	* 0.5: Added wbcChangeTrustCredentials()
68	* 0.6: Made struct wbcInterfaceDetails char* members non-const
69	* 0.7: Added wbcSidToStringBuf()
70	* 0.8: Added wbcSidsToUnixIds() and wbcLookupSids()
71	**/
72	#define WBCLIENT_MAJOR_VERSION 0
73	#define WBCLIENT_MINOR_VERSION 8
74	#define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
75	struct wbcLibraryDetails {
76	uint16_t major_version;
77	uint16_t minor_version;
78	const char *vendor_version;
79	};
80
81	/**
82	* @brief Some useful details about the running winbindd
83	*
84	**/
85	struct wbcInterfaceDetails {
86	uint32_t interface_version;
87	char *winbind_version;
88	char winbind_separator;
89	char *netbios_name;
90	char *netbios_domain;
91	char *dns_domain;
92	};
93
94	/*
95	* Data types used by the Winbind Client API
96	*/
97
98	#ifndef WBC_MAXSUBAUTHS
99	#define WBC_MAXSUBAUTHS 15 /* max sub authorities in a SID */
100	#endif
101
102	/**
103	* @brief Windows Security Identifier
104	*
105	**/
106
107	struct wbcDomainSid {
108	uint8_t sid_rev_num;
109	uint8_t num_auths;
110	uint8_t id_auth[6];
111	uint32_t sub_auths[WBC_MAXSUBAUTHS];
112	};
113
114	/**
115	* @brief Security Identifier type
116	**/
117
118	enum wbcSidType {
119	WBC_SID_NAME_USE_NONE=0,
120	WBC_SID_NAME_USER=1,
121	WBC_SID_NAME_DOM_GRP=2,
122	WBC_SID_NAME_DOMAIN=3,
123	WBC_SID_NAME_ALIAS=4,
124	WBC_SID_NAME_WKN_GRP=5,
125	WBC_SID_NAME_DELETED=6,
126	WBC_SID_NAME_INVALID=7,
127	WBC_SID_NAME_UNKNOWN=8,
128	WBC_SID_NAME_COMPUTER=9
129	};
130
131	/**
132	* @brief Security Identifier with attributes
133	**/
134
135	struct wbcSidWithAttr {
136	struct wbcDomainSid sid;
137	uint32_t attributes;
138	};
139
140	/* wbcSidWithAttr->attributes */
141
142	#define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001
143	#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002
144	#define WBC_SID_ATTR_GROUP_ENABLED 0x00000004
145	#define WBC_SID_ATTR_GROUP_OWNER 0x00000008
146	#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010
147	#define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000
148	#define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000
149
150	/**
151	* @brief Windows GUID
152	*
153	**/
154
155	struct wbcGuid {
156	uint32_t time_low;
157	uint16_t time_mid;
158	uint16_t time_hi_and_version;
159	uint8_t clock_seq[2];
160	uint8_t node[6];
161	};
162
163	/**
164	* @brief Domain Information
165	**/
166
167	struct wbcDomainInfo {
168	char *short_name;
169	char *dns_name;
170	struct wbcDomainSid sid;
171	uint32_t domain_flags;
172	uint32_t trust_flags;
173	uint32_t trust_type;
174	};
175
176	/* wbcDomainInfo->domain_flags */
177
178	#define WBC_DOMINFO_DOMAIN_UNKNOWN 0x00000000
179	#define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001
180	#define WBC_DOMINFO_DOMAIN_AD 0x00000002
181	#define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004
182	#define WBC_DOMINFO_DOMAIN_OFFLINE 0x00000008
183
184	/* wbcDomainInfo->trust_flags */
185
186	#define WBC_DOMINFO_TRUST_TRANSITIVE 0x00000001
187	#define WBC_DOMINFO_TRUST_INCOMING 0x00000002
188	#define WBC_DOMINFO_TRUST_OUTGOING 0x00000004
189
190	/* wbcDomainInfo->trust_type */
191
192	#define WBC_DOMINFO_TRUSTTYPE_NONE 0x00000000
193	#define WBC_DOMINFO_TRUSTTYPE_FOREST 0x00000001
194	#define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002
195	#define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003
196
197	/**
198	* @brief Auth User Parameters
199	**/
200
201	struct wbcAuthUserParams {
202	const char *account_name;
203	const char *domain_name;
204	const char *workstation_name;
205
206	uint32_t flags;
207
208	uint32_t parameter_control;
209
210	enum wbcAuthUserLevel {
211	WBC_AUTH_USER_LEVEL_PLAIN = 1,
212	WBC_AUTH_USER_LEVEL_HASH = 2,
213	WBC_AUTH_USER_LEVEL_RESPONSE = 3
214	} level;
215	union {
216	const char *plaintext;
217	struct {
218	uint8_t nt_hash[16];
219	uint8_t lm_hash[16];
220	} hash;
221	struct {
222	uint8_t challenge[8];
223	uint32_t nt_length;
224	uint8_t *nt_data;
225	uint32_t lm_length;
226	uint8_t *lm_data;
227	} response;
228	} password;
229	};
230
231	/**
232	* @brief Generic Blob
233	**/
234
235	struct wbcBlob {
236	uint8_t *data;
237	size_t length;
238	};
239
240	/**
241	* @brief Named Blob
242	**/
243
244	struct wbcNamedBlob {
245	const char *name;
246	uint32_t flags;
247	struct wbcBlob blob;
248	};
249
250	/**
251	* @brief Logon User Parameters
252	**/
253
254	struct wbcLogonUserParams {
255	const char *username;
256	const char *password;
257	size_t num_blobs;
258	struct wbcNamedBlob *blobs;
259	};
260
261	/**
262	* @brief ChangePassword Parameters
263	**/
264
265	struct wbcChangePasswordParams {
266	const char *account_name;
267	const char *domain_name;
268
269	uint32_t flags;
270
271	enum wbcChangePasswordLevel {
272	WBC_CHANGE_PASSWORD_LEVEL_PLAIN = 1,
273	WBC_CHANGE_PASSWORD_LEVEL_RESPONSE = 2
274	} level;
275
276	union {
277	const char *plaintext;
278	struct {
279	uint32_t old_nt_hash_enc_length;
280	uint8_t *old_nt_hash_enc_data;
281	uint32_t old_lm_hash_enc_length;
282	uint8_t *old_lm_hash_enc_data;
283	} response;
284	} old_password;
285	union {
286	const char *plaintext;
287	struct {
288	uint32_t nt_length;
289	uint8_t *nt_data;
290	uint32_t lm_length;
291	uint8_t *lm_data;
292	} response;
293	} new_password;
294	};
295
296	/* wbcAuthUserParams->parameter_control */
297
298	#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002
299	#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004
300	#define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008
301	#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020
302	#define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200
303	#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800
304
305	/* wbcAuthUserParams->flags */
306
307	#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001
308
309	/**
310	* @brief Auth User Information
311	*
312	* Some of the strings are maybe NULL
313	**/
314
315	struct wbcAuthUserInfo {
316	uint32_t user_flags;
317
318	char *account_name;
319	char *user_principal;
320	char *full_name;
321	char *domain_name;
322	char *dns_domain_name;
323
324	uint32_t acct_flags;
325	uint8_t user_session_key[16];
326	uint8_t lm_session_key[8];
327
328	uint16_t logon_count;
329	uint16_t bad_password_count;
330
331	uint64_t logon_time;
332	uint64_t logoff_time;
333	uint64_t kickoff_time;
334	uint64_t pass_last_set_time;
335	uint64_t pass_can_change_time;
336	uint64_t pass_must_change_time;
337
338	char *logon_server;
339	char *logon_script;
340	char *profile_path;
341	char *home_directory;
342	char *home_drive;
343
344	/*
345	* the 1st one is the account sid
346	* the 2nd one is the primary_group sid
347	* followed by the rest of the groups
348	*/
349	uint32_t num_sids;
350	struct wbcSidWithAttr *sids;
351	};
352
353	/**
354	* @brief Logon User Information
355	*
356	* Some of the strings are maybe NULL
357	**/
358
359	struct wbcLogonUserInfo {
360	struct wbcAuthUserInfo *info;
361	size_t num_blobs;
362	struct wbcNamedBlob *blobs;
363	};
364
365	/* wbcAuthUserInfo->user_flags */
366
367	#define WBC_AUTH_USER_INFO_GUEST 0x00000001
368	#define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002
369	#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004
370	#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008
371	#define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020
372	#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040
373	#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080
374	#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100
375	#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200
376	#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400
377	#define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000
378
379	/* wbcAuthUserInfo->acct_flags */
380
381	#define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */
382	#define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */
383	#define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */
384	#define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */
385	#define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */
386	#define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */
387	#define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */
388	#define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */
389	#define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */
390	#define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */
391	#define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */
392	#define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encryped text password is allowed */
393	#define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */
394	#define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */
395	#define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */
396	#define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */
397	#define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */
398	#define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */
399	#define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */
400
401	struct wbcAuthErrorInfo {
402	uint32_t nt_status;
403	char *nt_string;
404	int32_t pam_error;
405	char *display_string;
406	};
407
408	/**
409	* @brief User Password Policy Information
410	**/
411
412	/* wbcUserPasswordPolicyInfo->password_properties */
413
414	#define WBC_DOMAIN_PASSWORD_COMPLEX 0x00000001
415	#define WBC_DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002
416	#define WBC_DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004
417	#define WBC_DOMAIN_PASSWORD_LOCKOUT_ADMINS 0x00000008
418	#define WBC_DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010
419	#define WBC_DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020
420
421	struct wbcUserPasswordPolicyInfo {
422	uint32_t min_length_password;
423	uint32_t password_history;
424	uint32_t password_properties;
425	uint64_t expire;
426	uint64_t min_passwordage;
427	};
428
429	/**
430	* @brief Change Password Reject Reason
431	**/
432
433	enum wbcPasswordChangeRejectReason {
434	WBC_PWD_CHANGE_NO_ERROR=0,
435	WBC_PWD_CHANGE_PASSWORD_TOO_SHORT=1,
436	WBC_PWD_CHANGE_PWD_IN_HISTORY=2,
437	WBC_PWD_CHANGE_USERNAME_IN_PASSWORD=3,
438	WBC_PWD_CHANGE_FULLNAME_IN_PASSWORD=4,
439	WBC_PWD_CHANGE_NOT_COMPLEX=5,
440	WBC_PWD_CHANGE_MACHINE_NOT_DEFAULT=6,
441	WBC_PWD_CHANGE_FAILED_BY_FILTER=7,
442	WBC_PWD_CHANGE_PASSWORD_TOO_LONG=8
443	};
444
445	/* Note: this defines exist for compatibility reasons with existing code */
446	#define WBC_PWD_CHANGE_REJECT_OTHER WBC_PWD_CHANGE_NO_ERROR
447	#define WBC_PWD_CHANGE_REJECT_TOO_SHORT WBC_PWD_CHANGE_PASSWORD_TOO_SHORT
448	#define WBC_PWD_CHANGE_REJECT_IN_HISTORY WBC_PWD_CHANGE_PWD_IN_HISTORY
449	#define WBC_PWD_CHANGE_REJECT_COMPLEXITY WBC_PWD_CHANGE_NOT_COMPLEX
450
451	/**
452	* @brief Logoff User Parameters
453	**/
454
455	struct wbcLogoffUserParams {
456	const char *username;
457	size_t num_blobs;
458	struct wbcNamedBlob *blobs;
459	};
460
461	/** @brief Credential cache log-on parameters
462	*
463	*/
464
465	struct wbcCredentialCacheParams {
466	const char *account_name;
467	const char *domain_name;
468	enum wbcCredentialCacheLevel {
469	WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1
470	} level;
471	size_t num_blobs;
472	struct wbcNamedBlob *blobs;
473	};
474
475
476	/** @brief Info returned by credential cache auth
477	*
478	*/
479
480	struct wbcCredentialCacheInfo {
481	size_t num_blobs;
482	struct wbcNamedBlob *blobs;
483	};
484
485	/*
486	* DomainControllerInfo struct
487	*/
488	struct wbcDomainControllerInfo {
489	char *dc_name;
490	};
491
492	/*
493	* DomainControllerInfoEx struct
494	*/
495	struct wbcDomainControllerInfoEx {
496	const char *dc_unc;
497	const char *dc_address;
498	uint16_t dc_address_type;
499	struct wbcGuid *domain_guid;
500	const char *domain_name;
501	const char *forest_name;
502	uint32_t dc_flags;
503	const char *dc_site_name;
504	const char *client_site_name;
505	};
506
507	/**********************************************************
508	* Memory Management
509	**********************************************************/
510
511	/**
512	* @brief Free library allocated memory
513	*
514	* @param * Pointer to free
515	*
516	* @return void
517	**/
518	void wbcFreeMemory(void*);
519
520
521	/*
522	* Utility functions for dealing with SIDs
523	*/
524
525	/**
526	* @brief Get a string representation of the SID type
527	*
528	* @param type type of the SID
529	*
530	* @return string representation of the SID type
531	*/
532	const char* wbcSidTypeString(enum wbcSidType type);
533
534	#define WBC_SID_STRING_BUFLEN (15*11+25)
535
536	/*
537	* @brief Print a sid into a buffer
538	*
539	* @param sid Binary Security Identifier
540	* @param buf Target buffer
541	* @param buflen Target buffer length
542	*
543	* @return Resulting string length.
544	*/
545	int wbcSidToStringBuf(const struct wbcDomainSid sid, char buf, int buflen);
546
547	/**
548	* @brief Convert a binary SID to a character string
549	*
550	* @param sid Binary Security Identifier
551	* @param **sid_string Resulting character string
552	*
553	* @return #wbcErr
554	**/
555	wbcErr wbcSidToString(const struct wbcDomainSid *sid,
556	char **sid_string);
557
558	/**
559	* @brief Convert a character string to a binary SID
560	*
561	* @param *sid_string Character string in the form of S-...
562	* @param sid Resulting binary SID
563	*
564	* @return #wbcErr
565	**/
566	wbcErr wbcStringToSid(const char *sid_string,
567	struct wbcDomainSid *sid);
568
569	/*
570	* Utility functions for dealing with GUIDs
571	*/
572
573	/**
574	* @brief Convert a binary GUID to a character string
575	*
576	* @param guid Binary Guid
577	* @param **guid_string Resulting character string
578	*
579	* @return #wbcErr
580	**/
581	wbcErr wbcGuidToString(const struct wbcGuid *guid,
582	char **guid_string);
583
584	/**
585	* @brief Convert a character string to a binary GUID
586	*
587	* @param *guid_string Character string
588	* @param guid Resulting binary GUID
589	*
590	* @return #wbcErr
591	**/
592	wbcErr wbcStringToGuid(const char *guid_string,
593	struct wbcGuid *guid);
594
595	/**
596	* @brief Ping winbindd to see if the daemon is running
597	*
598	* @return #wbcErr
599	**/
600	wbcErr wbcPing(void);
601
602	wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details);
603
604	wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details);
605
606	/**********************************************************
607	* Name/SID conversion
608	**********************************************************/
609
610	/**
611	* @brief Convert a domain and name to SID
612	*
613	* @param dom_name Domain name (possibly "")
614	* @param name User or group name
615	* @param *sid Pointer to the resolved domain SID
616	* @param *name_type Pointer to the SID type
617	*
618	* @return #wbcErr
619	**/
620	wbcErr wbcLookupName(const char *dom_name,
621	const char *name,
622	struct wbcDomainSid *sid,
623	enum wbcSidType *name_type);
624
625	/**
626	* @brief Convert a SID to a domain and name
627	*
628	* @param *sid Pointer to the domain SID to be resolved
629	* @param domain Resolved Domain name (possibly "")
630	* @param name Resolved User or group name
631	* @param *name_type Pointer to the resolved SID type
632	*
633	* @return #wbcErr
634	**/
635	wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
636	char **domain,
637	char **name,
638	enum wbcSidType *name_type);
639
640	struct wbcTranslatedName {
641	enum wbcSidType type;
642	char *name;
643	int domain_index;
644	};
645
646	wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids,
647	struct wbcDomainInfo *domains, int num_domains,
648	struct wbcTranslatedName **names);
649
650	/**
651	* @brief Translate a collection of RIDs within a domain to names
652	*/
653	wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
654	int num_rids,
655	uint32_t *rids,
656	const char **domain_name,
657	const char ***names,
658	enum wbcSidType **types);
659
660	/*
661	* @brief Get the groups a user belongs to
662	**/
663	wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
664	bool domain_groups_only,
665	uint32_t *num_sids,
666	struct wbcDomainSid **sids);
667
668	/*
669	* @brief Get alias membership for sids
670	**/
671	wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
672	struct wbcDomainSid *sids,
673	uint32_t num_sids,
674	uint32_t **alias_rids,
675	uint32_t *num_alias_rids);
676
677	/**
678	* @brief Lists Users
679	**/
680	wbcErr wbcListUsers(const char *domain_name,
681	uint32_t *num_users,
682	const char ***users);
683
684	/**
685	* @brief Lists Groups
686	**/
687	wbcErr wbcListGroups(const char *domain_name,
688	uint32_t *num_groups,
689	const char ***groups);
690
691	wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
692	char **pdomain,
693	char **pfullname,
694	enum wbcSidType *pname_type);
695
696	/**********************************************************
697	* SID/uid/gid Mappings
698	**********************************************************/
699
700	/**
701	* @brief Convert a Windows SID to a Unix uid, allocating an uid if needed
702	*
703	* @param *sid Pointer to the domain SID to be resolved
704	* @param *puid Pointer to the resolved uid_t value
705	*
706	* @return #wbcErr
707	*
708	**/
709	wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
710	uid_t *puid);
711
712	/**
713	* @brief Convert a Windows SID to a Unix uid if there already is a mapping
714	*
715	* @param *sid Pointer to the domain SID to be resolved
716	* @param *puid Pointer to the resolved uid_t value
717	*
718	* @return #wbcErr
719	*
720	**/
721	wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid,
722	uid_t *puid);
723
724	/**
725	* @brief Convert a Unix uid to a Windows SID, allocating a SID if needed
726	*
727	* @param uid Unix uid to be resolved
728	* @param *sid Pointer to the resolved domain SID
729	*
730	* @return #wbcErr
731	*
732	**/
733	wbcErr wbcUidToSid(uid_t uid,
734	struct wbcDomainSid *sid);
735
736	/**
737	* @brief Convert a Unix uid to a Windows SID if there already is a mapping
738	*
739	* @param uid Unix uid to be resolved
740	* @param *sid Pointer to the resolved domain SID
741	*
742	* @return #wbcErr
743	*
744	**/
745	wbcErr wbcQueryUidToSid(uid_t uid,
746	struct wbcDomainSid *sid);
747
748	/**
749	* @brief Convert a Windows SID to a Unix gid, allocating a gid if needed
750	*
751	* @param *sid Pointer to the domain SID to be resolved
752	* @param *pgid Pointer to the resolved gid_t value
753	*
754	* @return #wbcErr
755	*
756	**/
757	wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
758	gid_t *pgid);
759
760	/**
761	* @brief Convert a Windows SID to a Unix gid if there already is a mapping
762	*
763	* @param *sid Pointer to the domain SID to be resolved
764	* @param *pgid Pointer to the resolved gid_t value
765	*
766	* @return #wbcErr
767	*
768	**/
769	wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid,
770	gid_t *pgid);
771
772	/**
773	* @brief Convert a Unix gid to a Windows SID, allocating a SID if needed
774	*
775	* @param gid Unix gid to be resolved
776	* @param *sid Pointer to the resolved domain SID
777	*
778	* @return #wbcErr
779	*
780	**/
781	wbcErr wbcGidToSid(gid_t gid,
782	struct wbcDomainSid *sid);
783
784	/**
785	* @brief Convert a Unix gid to a Windows SID if there already is a mapping
786	*
787	* @param gid Unix gid to be resolved
788	* @param *sid Pointer to the resolved domain SID
789	*
790	* @return #wbcErr
791	*
792	**/
793	wbcErr wbcQueryGidToSid(gid_t gid,
794	struct wbcDomainSid *sid);
795
796	enum wbcIdType {
797	WBC_ID_TYPE_NOT_SPECIFIED,
798	WBC_ID_TYPE_UID,
799	WBC_ID_TYPE_GID
800	};
801
802	union wbcUnixIdContainer {
803	uid_t uid;
804	gid_t gid;
805	};
806
807	struct wbcUnixId {
808	enum wbcIdType type;
809	union wbcUnixIdContainer id;
810	};
811
812	/**
813	* @brief Convert a list of sids to unix ids
814	*
815	* @param sids Pointer to an array of SIDs to convert
816	* @param num_sids Number of SIDs
817	* @param ids Preallocated output array for translated IDs
818	*
819	* @return #wbcErr
820	*
821	**/
822	wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids,
823	struct wbcUnixId *ids);
824
825	/**
826	* @brief Obtain a new uid from Winbind
827	*
828	* @param puid pointer to the allocated uid
829	*
830	* @return #wbcErr
831	**/
832	wbcErr wbcAllocateUid(uid_t *puid);
833
834	/**
835	* @brief Obtain a new gid from Winbind
836	*
837	* @param *pgid Pointer to the allocated gid
838	*
839	* @return #wbcErr
840	**/
841	wbcErr wbcAllocateGid(gid_t *pgid);
842
843	/**
844	* @brief Set an user id mapping
845	*
846	* @param uid Uid of the desired mapping.
847	* @param *sid Pointer to the sid of the diresired mapping.
848	*
849	* @return #wbcErr
850	*
851	* @deprecated This method is not impemented any more and should
852	* be removed in the next major version change.
853	**/
854	wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid);
855
856	/**
857	* @brief Set a group id mapping
858	*
859	* @param gid Gid of the desired mapping.
860	* @param *sid Pointer to the sid of the diresired mapping.
861	*
862	* @return #wbcErr
863	*
864	* @deprecated This method is not impemented any more and should
865	* be removed in the next major version change.
866	**/
867	wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid);
868
869	/**
870	* @brief Remove a user id mapping
871	*
872	* @param uid Uid of the mapping to remove.
873	* @param *sid Pointer to the sid of the mapping to remove.
874	*
875	* @return #wbcErr
876	*
877	* @deprecated This method is not impemented any more and should
878	* be removed in the next major version change.
879	**/
880	wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid);
881
882	/**
883	* @brief Remove a group id mapping
884	*
885	* @param gid Gid of the mapping to remove.
886	* @param *sid Pointer to the sid of the mapping to remove.
887	*
888	* @return #wbcErr
889	*
890	* @deprecated This method is not impemented any more and should
891	* be removed in the next major version change.
892	**/
893	wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid);
894
895	/**
896	* @brief Set the highwater mark for allocated uids.
897	*
898	* @param uid_hwm The new uid highwater mark value
899	*
900	* @return #wbcErr
901	*
902	* @deprecated This method is not impemented any more and should
903	* be removed in the next major version change.
904	**/
905	wbcErr wbcSetUidHwm(uid_t uid_hwm);
906
907	/**
908	* @brief Set the highwater mark for allocated gids.
909	*
910	* @param gid_hwm The new gid highwater mark value
911	*
912	* @return #wbcErr
913	*
914	* @deprecated This method is not impemented any more and should
915	* be removed in the next major version change.
916	**/
917	wbcErr wbcSetGidHwm(gid_t gid_hwm);
918
919	/**********************************************************
920	* NSS Lookup User/Group details
921	**********************************************************/
922
923	/**
924	* @brief Fill in a struct passwd* for a domain user based
925	* on username
926	*
927	* @param *name Username to lookup
928	* @param *pwd Pointer to resulting struct passwd from the query.
929	*
930	* @return #wbcErr
931	**/
932	wbcErr wbcGetpwnam(const char name, struct passwd *pwd);
933
934	/**
935	* @brief Fill in a struct passwd* for a domain user based
936	* on uid
937	*
938	* @param uid Uid to lookup
939	* @param *pwd Pointer to resulting struct passwd from the query.
940	*
941	* @return #wbcErr
942	**/
943	wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
944
945	/**
946	* @brief Fill in a struct passwd* for a domain user based
947	* on sid
948	*
949	* @param sid Sid to lookup
950	* @param *pwd Pointer to resulting struct passwd from the query.
951	*
952	* @return #wbcErr
953	**/
954	wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd);
955
956	/**
957	* @brief Fill in a struct passwd* for a domain user based
958	* on username
959	*
960	* @param *name Username to lookup
961	* @param *grp Pointer to resulting struct group from the query.
962	*
963	* @return #wbcErr
964	**/
965	wbcErr wbcGetgrnam(const char name, struct group *grp);
966
967	/**
968	* @brief Fill in a struct passwd* for a domain user based
969	* on uid
970	*
971	* @param gid Uid to lookup
972	* @param *grp Pointer to resulting struct group from the query.
973	*
974	* @return #wbcErr
975	**/
976	wbcErr wbcGetgrgid(gid_t gid, struct group **grp);
977
978	/**
979	* @brief Reset the passwd iterator
980	*
981	* @return #wbcErr
982	**/
983	wbcErr wbcSetpwent(void);
984
985	/**
986	* @brief Close the passwd iterator
987	*
988	* @return #wbcErr
989	**/
990	wbcErr wbcEndpwent(void);
991
992	/**
993	* @brief Return the next struct passwd* entry from the pwent iterator
994	*
995	* @param *pwd Pointer to resulting struct passwd from the query.
996	*
997	* @return #wbcErr
998	**/
999	wbcErr wbcGetpwent(struct passwd **pwd);
1000
1001	/**
1002	* @brief Reset the group iterator
1003	*
1004	* @return #wbcErr
1005	**/
1006	wbcErr wbcSetgrent(void);
1007
1008	/**
1009	* @brief Close the group iterator
1010	*
1011	* @return #wbcErr
1012	**/
1013	wbcErr wbcEndgrent(void);
1014
1015	/**
1016	* @brief Return the next struct group* entry from the pwent iterator
1017	*
1018	* @param *grp Pointer to resulting struct group from the query.
1019	*
1020	* @return #wbcErr
1021	**/
1022	wbcErr wbcGetgrent(struct group **grp);
1023
1024	/**
1025	* @brief Return the next struct group* entry from the pwent iterator
1026	*
1027	* This is similar to #wbcGetgrent, just that the member list is empty
1028	*
1029	* @param *grp Pointer to resulting struct group from the query.
1030	*
1031	* @return #wbcErr
1032	**/
1033	wbcErr wbcGetgrlist(struct group **grp);
1034
1035	/**
1036	* @brief Return the unix group array belonging to the given user
1037	*
1038	* @param *account The given user name
1039	* @param *num_groups Number of elements returned in the groups array
1040	* @param **_groups Pointer to resulting gid_t array.
1041	*
1042	* @return #wbcErr
1043	**/
1044	wbcErr wbcGetGroups(const char *account,
1045	uint32_t *num_groups,
1046	gid_t **_groups);
1047
1048
1049	/**********************************************************
1050	* Lookup Domain information
1051	**********************************************************/
1052
1053	/**
1054	* @brief Lookup the current status of a trusted domain
1055	*
1056	* @param domain The domain to query
1057	*
1058	* @param dinfo A pointer to store the returned domain_info struct.
1059	*
1060	* @return #wbcErr
1061	**/
1062	wbcErr wbcDomainInfo(const char *domain,
1063	struct wbcDomainInfo **dinfo);
1064
1065	/**
1066	* @brief Lookup the currently contacted DCs
1067	*
1068	* @param domain The domain to query
1069	*
1070	* @param num_dcs Number of DCs currently known
1071	* @param dc_names Names of the currently known DCs
1072	* @param dc_ips IP addresses of the currently known DCs
1073	*
1074	* @return #wbcErr
1075	**/
1076	wbcErr wbcDcInfo(const char domain, size_t num_dcs,
1077	const char *dc_names, const char *dc_ips);
1078
1079	/**
1080	* @brief Enumerate the domain trusts known by Winbind
1081	*
1082	* @param **domains Pointer to the allocated domain list array
1083	* @param *num_domains Pointer to number of domains returned
1084	*
1085	* @return #wbcErr
1086	**/
1087	wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
1088	size_t *num_domains);
1089
1090	/* Flags for wbcLookupDomainController */
1091
1092	#define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001
1093	#define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010
1094	#define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020
1095	#define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040
1096	#define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080
1097	#define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100
1098	#define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200
1099	#define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400
1100	#define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800
1101	#define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000
1102	#define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000
1103	#define WBC_LOOKUP_DC_AVOID_SELF 0x00004000
1104	#define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000
1105	#define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000
1106	#define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000
1107	#define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000
1108	#define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000
1109	#define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000
1110	#define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000
1111
1112	/**
1113	* @brief Enumerate the domain trusts known by Winbind
1114	*
1115	* @param domain Name of the domain to query for a DC
1116	* @param flags Bit flags used to control the domain location query
1117	* @param *dc_info Pointer to the returned domain controller information
1118	*
1119	* @return #wbcErr
1120	**/
1121	wbcErr wbcLookupDomainController(const char *domain,
1122	uint32_t flags,
1123	struct wbcDomainControllerInfo **dc_info);
1124
1125	/**
1126	* @brief Get extended domain controller information
1127	*
1128	* @param domain Name of the domain to query for a DC
1129	* @param guid Guid of the domain to query for a DC
1130	* @param site Site of the domain to query for a DC
1131	* @param flags Bit flags used to control the domain location query
1132	* @param *dc_info Pointer to the returned extended domain controller information
1133	*
1134	* @return #wbcErr
1135	**/
1136	wbcErr wbcLookupDomainControllerEx(const char *domain,
1137	struct wbcGuid *guid,
1138	const char *site,
1139	uint32_t flags,
1140	struct wbcDomainControllerInfoEx **dc_info);
1141
1142	/**********************************************************
1143	* Athenticate functions
1144	**********************************************************/
1145
1146	/**
1147	* @brief Authenticate a username/password pair
1148	*
1149	* @param username Name of user to authenticate
1150	* @param password Clear text password os user
1151	*
1152	* @return #wbcErr
1153	**/
1154	wbcErr wbcAuthenticateUser(const char *username,
1155	const char *password);
1156
1157	/**
1158	* @brief Authenticate with more detailed information
1159	*
1160	* @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH
1161	* is not supported yet
1162	* @param info Output details on WBC_ERR_SUCCESS
1163	* @param error Output details on WBC_ERR_AUTH_ERROR
1164	*
1165	* @return #wbcErr
1166	**/
1167	wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
1168	struct wbcAuthUserInfo **info,
1169	struct wbcAuthErrorInfo **error);
1170
1171	/**
1172	* @brief Logon a User
1173	*
1174	* @param[in] params Pointer to a wbcLogonUserParams structure
1175	* @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure
1176	* @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure
1177	* @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure
1178	*
1179	* @return #wbcErr
1180	**/
1181	wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
1182	struct wbcLogonUserInfo **info,
1183	struct wbcAuthErrorInfo **error,
1184	struct wbcUserPasswordPolicyInfo **policy);
1185
1186	/**
1187	* @brief Trigger a logoff notification to Winbind for a specific user
1188	*
1189	* @param username Name of user to remove from Winbind's list of
1190	* logged on users.
1191	* @param uid Uid assigned to the username
1192	* @param ccfilename Absolute path to the Krb5 credentials cache to
1193	* be removed
1194	*
1195	* @return #wbcErr
1196	**/
1197	wbcErr wbcLogoffUser(const char *username,
1198	uid_t uid,
1199	const char *ccfilename);
1200
1201	/**
1202	* @brief Trigger an extended logoff notification to Winbind for a specific user
1203	*
1204	* @param params A wbcLogoffUserParams structure
1205	* @param error User output details on error
1206	*
1207	* @return #wbcErr
1208	**/
1209	wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
1210	struct wbcAuthErrorInfo **error);
1211
1212	/**
1213	* @brief Change a password for a user
1214	*
1215	* @param username Name of user to authenticate
1216	* @param old_password Old clear text password of user
1217	* @param new_password New clear text password of user
1218	*
1219	* @return #wbcErr
1220	**/
1221	wbcErr wbcChangeUserPassword(const char *username,
1222	const char *old_password,
1223	const char *new_password);
1224
1225	/**
1226	* @brief Change a password for a user with more detailed information upon
1227	* failure
1228	*
1229	* @param params Input parameters
1230	* @param error User output details on WBC_ERR_PWD_CHANGE_FAILED
1231	* @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED
1232	* @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED
1233	*
1234	* @return #wbcErr
1235	**/
1236	wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params,
1237	struct wbcAuthErrorInfo **error,
1238	enum wbcPasswordChangeRejectReason *reject_reason,
1239	struct wbcUserPasswordPolicyInfo **policy);
1240
1241	/**
1242	* @brief Authenticate a user with cached credentials
1243	*
1244	* @param *params Pointer to a wbcCredentialCacheParams structure
1245	* @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure
1246	* @param **error Pointer to a pointer to a wbcAuthErrorInfo structure
1247	*
1248	* @return #wbcErr
1249	**/
1250	wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
1251	struct wbcCredentialCacheInfo **info,
1252	struct wbcAuthErrorInfo **error);
1253
1254	/**
1255	* @brief Save a password with winbind for doing wbcCredentialCache() later
1256	*
1257	* @param *user Username
1258	* @param *password Password
1259	*
1260	* @return #wbcErr
1261	**/
1262	wbcErr wbcCredentialSave(const char user, const char password);
1263
1264	/**********************************************************
1265	* Resolve functions
1266	**********************************************************/
1267
1268	/**
1269	* @brief Resolve a NetbiosName via WINS
1270	*
1271	* @param name Name to resolve
1272	* @param *ip Pointer to the ip address string
1273	*
1274	* @return #wbcErr
1275	**/
1276	wbcErr wbcResolveWinsByName(const char name, char *ip);
1277
1278	/**
1279	* @brief Resolve an IP address via WINS into a NetbiosName
1280	*
1281	* @param ip The ip address string
1282	* @param *name Pointer to the name
1283	*
1284	* @return #wbcErr
1285	*
1286	**/
1287	wbcErr wbcResolveWinsByIP(const char ip, char *name);
1288
1289	/**********************************************************
1290	* Trusted domain functions
1291	**********************************************************/
1292
1293	/**
1294	* @brief Trigger a verification of the trust credentials of a specific domain
1295	*
1296	* @param *domain The name of the domain.
1297	* @param error Output details on WBC_ERR_AUTH_ERROR
1298	*
1299	* @return #wbcErr
1300	**/
1301	wbcErr wbcCheckTrustCredentials(const char *domain,
1302	struct wbcAuthErrorInfo **error);
1303
1304	/**
1305	* @brief Trigger a change of the trust credentials for a specific domain
1306	*
1307	* @param *domain The name of the domain.
1308	* @param error Output details on WBC_ERR_AUTH_ERROR
1309	*
1310	* @return #wbcErr
1311	**/
1312	wbcErr wbcChangeTrustCredentials(const char *domain,
1313	struct wbcAuthErrorInfo **error);
1314
1315	/**
1316	* @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
1317	* version of wbcCheckTrustCredentials
1318	*
1319	* @param *domain The name of the domain, only NULL for the default domain is
1320	* supported yet. Other values than NULL will result in
1321	* WBC_ERR_NOT_IMPLEMENTED.
1322	* @param error Output details on WBC_ERR_AUTH_ERROR
1323	*
1324	* @return #wbcErr
1325	**/
1326	wbcErr wbcPingDc(const char domain, struct wbcAuthErrorInfo *error);
1327
1328	/**********************************************************
1329	* Helper functions
1330	**********************************************************/
1331
1332	/**
1333	* @brief Initialize a named blob and add to list of blobs
1334	*
1335	* @param[in,out] num_blobs Pointer to the number of blobs
1336	* @param[in,out] blobs Pointer to an array of blobs
1337	* @param[in] name Name of the new named blob
1338	* @param[in] flags Flags of the new named blob
1339	* @param[in] data Blob data of new blob
1340	* @param[in] length Blob data length of new blob
1341	*
1342	* @return #wbcErr
1343	**/
1344	wbcErr wbcAddNamedBlob(size_t *num_blobs,
1345	struct wbcNamedBlob **blobs,
1346	const char *name,
1347	uint32_t flags,
1348	uint8_t *data,
1349	size_t length);
1350
1351	#endif /* _WBCLIENT_H */

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: trunk/server/nsswitch/libwbclient/wbclient.h@ 752

Download in other formats: