libwbclient: add wbcAuthenticateUserEx() function
1 /*
2    Unix SMB/CIFS implementation.
3
4    Winbind client API
5
6    Copyright (C) Gerald (Jerry) Carter 2007
7
8    This library is free software; you can redistribute it and/or
9    modify it under the terms of the GNU Lesser General Public
10    License as published by the Free Software Foundation; either
11    version 3 of the License, or (at your option) any later version.
12
13    This library is distributed in the hope that it will be useful,
14    but WITHOUT ANY WARRANTY; without even the implied warranty of
15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16    Library General Public License for more details.
17
18    You should have received a copy of the GNU Lesser General Public License
19    along with this program.  If not, see <http://www.gnu.org/licenses/>.
20 */
21
22 #ifndef _WBCLIENT_H
23 #define _WBCLIENT_H
24
#include <pwd.h>
#include <grp.h>
#include <stdint.h>	/* uint8_t/uint16_t/uint32_t/uint64_t/int32_t used below */
27
28 /* Define error types */
29
30 /**
31  *  @brief Status codes returned from wbc functions
32  **/
33
/*
 * Only WBC_ERR_SUCCESS (0) denotes success.  Callers should test a result
 * with WBC_ERROR_IS_OK() rather than comparing against individual failure
 * codes, so that any code added later is still treated as a failure.
 *
 * All values after WBC_ERR_SUCCESS are implicit and sequential: inserting a
 * new code in the middle renumbers every code that follows it and changes
 * the library ABI.  Append new codes at the end.
 *
 * NOTE(review): WBC_INVALID_RESPONSE lacks the WBC_ERR_ prefix used by the
 * other codes; renaming it now would break existing callers.
 */
enum _wbcErrType {
        WBC_ERR_SUCCESS = 0,    /**< Successful completion **/
        WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
        WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
        WBC_ERR_NO_MEMORY,      /**< Memory allocation error **/
        WBC_ERR_INVALID_SID,    /**< Invalid SID format **/
        WBC_ERR_INVALID_PARAM,  /**< An Invalid parameter was supplied **/
        WBC_ERR_WINBIND_NOT_AVAILABLE,   /**< Winbind daemon is not available **/
        WBC_ERR_DOMAIN_NOT_FOUND,        /**< Domain is not trusted or cannot be found **/
        WBC_INVALID_RESPONSE,        /**< Winbind returned an invalid response **/
        WBC_ERR_NSS_ERROR,            /**< NSS_STATUS error **/
        WBC_ERR_AUTH_ERROR        /**< Authentication failed **/
};
47
typedef enum _wbcErrType wbcErr;

/** True only when @p x is WBC_ERR_SUCCESS; the success test callers should use. */
#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)

/**
 * @brief Map a wbcErr to a human-readable description
 *
 * @param error   status code to describe
 * @return        descriptive string.  Ownership is not specified by this
 *                header; NOTE(review): presumably a static string that must
 *                not be passed to wbcFreeMemory() -- confirm against the
 *                implementation.
 **/
const char *wbcErrorString(wbcErr error);
53
54 /*
55  * Data types used by the Winbind Client API
56  */
57
/*
 * Maximum number of sub-authorities carried in struct wbcDomainSid.
 *
 * The #ifndef lets an including file override the value, but the value
 * fixes sizeof(struct wbcDomainSid).  A translation unit that defines
 * MAXSUBAUTHS differently before including this header will therefore
 * disagree with the library about the struct layout (an ABI mismatch).
 * Do not override it.
 */
#ifndef MAXSUBAUTHS
#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
#endif
61
62 /**
63  *  @brief Windows Security Identifier
64  *
65  **/
66
/*
 * num_auths is a count into a fixed-size array.  Any code that fills this
 * struct from external data (a SID string, a winbind response) must reject
 * num_auths > MAXSUBAUTHS before indexing sub_auths, and readers must only
 * look at the first num_auths entries.
 */
struct wbcDomainSid {
        uint8_t   sid_rev_num;            /* SID revision number */
        uint8_t   num_auths;              /* entries of sub_auths in use (presumably; <= MAXSUBAUTHS) */
        uint8_t   id_auth[6];             /* 6-byte identifier authority */
        uint32_t  sub_auths[MAXSUBAUTHS]; /* sub-authorities; only the first num_auths are meaningful */
};
73
74 /**
75  * @brief Security Identifier type
76  **/
77
/*
 * The numeric values 1..9 mirror the Windows SID_NAME_USE enumeration, so
 * they can be passed through unchanged.  WBC_SID_NAME_USE_NONE (0) has no
 * Windows counterpart.
 *
 * Policy code should not treat WBC_SID_NAME_DELETED, WBC_SID_NAME_INVALID or
 * WBC_SID_NAME_UNKNOWN as a successfully resolved principal.
 */
enum wbcSidType {
        WBC_SID_NAME_USE_NONE=0,
        WBC_SID_NAME_USER=1,
        WBC_SID_NAME_DOM_GRP=2,
        WBC_SID_NAME_DOMAIN=3,
        WBC_SID_NAME_ALIAS=4,
        WBC_SID_NAME_WKN_GRP=5,
        WBC_SID_NAME_DELETED=6,
        WBC_SID_NAME_INVALID=7,
        WBC_SID_NAME_UNKNOWN=8,
        WBC_SID_NAME_COMPUTER=9
};
90
91 /**
92  * @brief Security Identifier with attributes
93  **/
94
struct wbcSidWithAttr {
        struct wbcDomainSid sid;   /* the SID itself */
        uint32_t attributes;       /* bitmask of WBC_SID_ATTR_* flags */
};
99
100 /* wbcSidWithAttr->attributes */
101
/*
 * Group attribute bits for wbcSidWithAttr.attributes.
 *
 * WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY marks a SID that may only be used to
 * deny access; authorization code must not grant rights on such an entry.
 * WBC_SID_ATTR_GROUP_LOGON_ID spans two bits (0xC0000000), so test it with
 * (attributes & WBC_SID_ATTR_GROUP_LOGON_ID) == WBC_SID_ATTR_GROUP_LOGON_ID
 * rather than a single-bit check.
 */
#define WBC_SID_ATTR_GROUP_MANDATORY            0x00000001
#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT   0x00000002
#define WBC_SID_ATTR_GROUP_ENABLED              0x00000004
#define WBC_SID_ATTR_GROUP_OWNER                0x00000008
#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY     0x00000010
#define WBC_SID_ATTR_GROUP_RESOURCE             0x20000000
#define WBC_SID_ATTR_GROUP_LOGON_ID             0xC0000000
109
110 /**
111  * @brief Domain Information
112  **/
113
/*
 * Filled in by wbcDomainInfo().  The strings are allocated by the library;
 * NOTE(review): presumably the whole struct is released with wbcFreeMemory()
 * -- confirm against the implementation.
 */
struct wbcDomainInfo {
        char *short_name;          /* short (presumably NetBIOS) domain name */
        char *dns_name;            /* DNS domain name */
        struct wbcDomainSid sid;   /* domain SID */
        uint32_t flags;            /* bitmask of WBC_DOMINFO_* */
};
120
121 /* wbcDomainInfo->flags */
122
/* Flag bits for wbcDomainInfo.flags: native-mode domain, AD domain, our primary domain. */
#define WBC_DOMINFO_NATIVE            0x00000001
#define WBC_DOMINFO_AD                0x00000002
#define WBC_DOMINFO_PRIMARY           0x00000004
126
127 /**
128  * @brief Auth User Parameters
129  **/
130
/*
 * Input to wbcAuthenticateUserEx().  All pointers are caller-owned and are
 * not freed by the library.
 *
 * 'level' discriminates the 'password' union:
 *   WBC_AUTH_USER_LEVEL_PLAIN    -> password.plaintext
 *   WBC_AUTH_USER_LEVEL_HASH     -> password.hash
 *   WBC_AUTH_USER_LEVEL_RESPONSE -> password.response
 * Only the member selected by 'level' is meaningful; the others must not be
 * read.
 *
 * Every member of 'password' is credential material (a cleartext password,
 * NT/LM hashes, or a challenge/response pair).  Callers should zeroize it
 * once the call returns, and must not log it.
 */
struct wbcAuthUserParams {
        const char *account_name;      /* account to authenticate */
        const char *domain_name;       /* domain of the account */
        const char *workstation_name;  /* name of the requesting workstation */

        uint32_t flags;                /* bitmask of WBC_AUTH_PARAM_FLAGS_* */

        uint32_t parameter_control;    /* bitmask of WBC_MSV1_0_* */

        enum wbcAuthUserLevel {
                WBC_AUTH_USER_LEVEL_PLAIN = 1,
                WBC_AUTH_USER_LEVEL_HASH = 2,
                WBC_AUTH_USER_LEVEL_RESPONSE = 3
        } level;
        union {
                const char *plaintext;         /* cleartext password (PLAIN) */
                struct {
                        uint8_t nt_hash[16];   /* NT hash (HASH) */
                        uint8_t lm_hash[16];   /* LM hash (HASH) */
                } hash;
                struct {
                        uint8_t challenge[8];  /* 8-byte challenge the responses were computed over */
                        uint32_t nt_length;    /* length of nt_data (presumably in bytes) */
                        uint8_t *nt_data;      /* NT response */
                        uint32_t lm_length;    /* length of lm_data (presumably in bytes) */
                        uint8_t *lm_data;      /* LM response */
                } response;
        } password;
};
160
161 /* wbcAuthUserParams->parameter_control */
162
/*
 * Bits for wbcAuthUserParams.parameter_control.  The values mirror the
 * Windows MSV1_0_* logon parameter-control flags.
 *
 * The two ALLOW_*_TRUST_ACCOUNT bits widen which kinds of account are
 * permitted to log on; a caller should set them only when it intentionally
 * authenticates machine or trust accounts, not as a default.
 */
#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED           0x00000002
#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS              0x00000004
#define WBC_MSV1_0_RETURN_USER_PARAMETERS               0x00000008
#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT           0x00000020
#define WBC_MSV1_0_RETURN_PROFILE_PATH                  0x00000200
#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT      0x00000800
169
170 /* wbcAuthUserParams->flags */
171
/* Bit for wbcAuthUserParams.flags: request an interactive (rather than network) logon. */
#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON          0x00000001
173
174 /**
175  * @brief Auth User Information
176  *
 * Some of the strings may be NULL
178  **/
179
/*
 * Returned by wbcAuthenticateUserEx() on success.  Allocated by the library;
 * NOTE(review): presumably released with wbcFreeMemory() -- confirm.
 *
 * user_session_key and lm_session_key are key material; a caller that does
 * not need them should zeroize them before releasing the struct, and must
 * never log them.  The string members may be NULL and must be checked
 * before use.
 */
struct wbcAuthUserInfo {
        uint32_t user_flags;               /* bitmask of WBC_AUTH_USER_INFO_* */

        char *account_name;                /* may be NULL */
        char *user_principal;              /* may be NULL */
        char *full_name;                   /* may be NULL */
        char *domain_name;                 /* may be NULL */
        char *dns_domain_name;             /* may be NULL */

        uint32_t acct_flags;               /* bitmask of WBC_ACB_* */
        uint8_t user_session_key[16];      /* session key -- secret */
        uint8_t lm_session_key[8];         /* LM session key -- secret */

        uint16_t logon_count;
        uint16_t bad_password_count;

        /*
         * Timestamps.  Their encoding is not specified by this header;
         * NOTE(review): confirm the representation (Unix vs NT time) against
         * the implementation before interpreting them.
         */
        uint64_t logon_time;
        uint64_t logoff_time;
        uint64_t kickoff_time;
        uint64_t pass_last_set_time;
        uint64_t pass_can_change_time;
        uint64_t pass_must_change_time;

        char *logon_server;                /* may be NULL */
        char *logon_script;                /* may be NULL */
        char *profile_path;                /* may be NULL */
        char *home_directory;              /* may be NULL */
        char *home_drive;                  /* may be NULL */

        /*
         * the 1st one is the account sid
         * the 2nd one is the primary_group sid
         * followed by the rest of the groups
         *
         * Readers must bound every access by num_sids; the ordering above
         * implies num_sids >= 2, but check it rather than assume it.
         */
        uint32_t num_sids;
        struct wbcSidWithAttr *sids;
};
217
218 /* wbcAuthUserInfo->user_flags */
219
/*
 * Bits for wbcAuthUserInfo.user_flags.  The values mirror the Windows
 * NETLOGON user-flags bits.
 *
 * Bits a caller's policy usually wants to inspect: GUEST (the logon was
 * mapped to a guest), CACHED_ACCOUNT (answered from cached credentials
 * rather than a domain controller) and USED_LM_PASSWORD (the weaker LM
 * credential was used).
 */
#define WBC_AUTH_USER_INFO_GUEST                        0x00000001
#define WBC_AUTH_USER_INFO_NOENCRYPTION                 0x00000002
#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT               0x00000004
#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD             0x00000008
#define WBC_AUTH_USER_INFO_EXTRA_SIDS                   0x00000020
#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY          0x00000040
#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT         0x00000080
#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED               0x00000100
#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS              0x00000200
#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED        0x00000400
#define WBC_AUTH_USER_INFO_GRACE_LOGON                  0x01000000
231
232 /* wbcAuthUserInfo->acct_flags */
233
/*
 * Bits for wbcAuthUserInfo.acct_flags, describing the account's state as
 * reported by the server.  They are informational: a caller that applies
 * its own policy (e.g. refusing WBC_ACB_PW_EXPIRED or WBC_ACB_DISABLED
 * accounts) must check them explicitly rather than rely on the
 * authentication result alone.
 */
#define WBC_ACB_DISABLED                        0x00000001 /* 1 User account disabled */
#define WBC_ACB_HOMDIRREQ                       0x00000002 /* 1 Home directory required */
#define WBC_ACB_PWNOTREQ                        0x00000004 /* 1 User password not required */
#define WBC_ACB_TEMPDUP                         0x00000008 /* 1 Temporary duplicate account */
#define WBC_ACB_NORMAL                          0x00000010 /* 1 Normal user account */
#define WBC_ACB_MNS                             0x00000020 /* 1 MNS logon user account */
#define WBC_ACB_DOMTRUST                        0x00000040 /* 1 Interdomain trust account */
#define WBC_ACB_WSTRUST                         0x00000080 /* 1 Workstation trust account */
#define WBC_ACB_SVRTRUST                        0x00000100 /* 1 Server trust account */
#define WBC_ACB_PWNOEXP                         0x00000200 /* 1 User password does not expire */
#define WBC_ACB_AUTOLOCK                        0x00000400 /* 1 Account auto locked */
#define WBC_ACB_ENC_TXT_PWD_ALLOWED             0x00000800 /* 1 Encrypted text password is allowed */
#define WBC_ACB_SMARTCARD_REQUIRED              0x00001000 /* 1 Smart Card required */
#define WBC_ACB_TRUSTED_FOR_DELEGATION          0x00002000 /* 1 Trusted for Delegation */
#define WBC_ACB_NOT_DELEGATED                   0x00004000 /* 1 Not delegated */
#define WBC_ACB_USE_DES_KEY_ONLY                0x00008000 /* 1 Use DES key only */
#define WBC_ACB_DONT_REQUIRE_PREAUTH            0x00010000 /* 1 Preauth not required */
#define WBC_ACB_PW_EXPIRED                      0x00020000 /* 1 Password Expired */
#define WBC_ACB_NO_AUTH_DATA_REQD               0x00080000   /* 1 = No authorization data required */
253
/**
 * @brief Authentication failure details
 *
 * Filled in by wbcAuthenticateUserEx() when authentication fails.
 * Allocated by the library; NOTE(review): presumably released with
 * wbcFreeMemory() -- confirm.  display_string and nt_string are data, not
 * format strings: emit them with "%s" or fputs(), never as the format
 * argument of a printf-family call.
 **/
struct wbcAuthErrorInfo {
        uint32_t nt_status;     /* NT status code of the failure */
        char *nt_string;        /* textual name of nt_status; may be NULL */
        int32_t pam_error;      /* corresponding PAM error code (presumably) */
        char *display_string;   /* message suitable for showing to the user; may be NULL */
};
260
261 /*
262  * Memory Management
263  */
264
/**
 * @brief Release memory handed out by this library
 *
 * @param ptr   pointer previously returned through a ** output parameter of
 *              a wbc function.  Which results must be released this way is
 *              not stated by this header; NOTE(review): confirm per function.
 *              Never pass memory obtained from malloc() or a static string.
 **/
void wbcFreeMemory(void*);
266
267
268 /*
269  * Utility functions for dealing with SIDs
270  */
271
/**
 * @brief Render a SID in its textual "S-1-..." form
 *
 * @param sid         SID to render
 * @param sid_string  receives the allocated string on success; NOTE(review):
 *                    presumably released with wbcFreeMemory() -- confirm.
 * @return            WBC_ERR_SUCCESS or an error code
 **/
wbcErr wbcSidToString(const struct wbcDomainSid *sid,
                      char **sid_string);

/**
 * @brief Parse a textual SID into struct wbcDomainSid
 *
 * The input is untrusted text; the implementation must reject more than
 * MAXSUBAUTHS sub-authorities so that sub_auths is never overrun.
 *
 * @param sid_string  NUL-terminated SID text
 * @param sid         caller-provided output
 * @return            WBC_ERR_SUCCESS, or WBC_ERR_INVALID_SID for malformed text
 *                    (presumably; confirm against the implementation)
 **/
wbcErr wbcStringToSid(const char *sid_string,
                      struct wbcDomainSid *sid);

/**
 * @brief Check whether the winbind daemon is reachable
 *
 * @return WBC_ERR_SUCCESS when winbind answered, otherwise an error code
 **/
wbcErr wbcPing(void);
279
280 /*
281  * Name/SID conversion
282  */
283
/**
 * @brief Resolve a domain/name pair to a SID
 *
 * @param dom_name   domain to search
 * @param name       account name within the domain
 * @param sid        caller-provided output SID
 * @param name_type  caller-provided output type; check it (see enum wbcSidType)
 *                   before treating the result as a usable principal
 * @return           WBC_ERR_SUCCESS or an error code
 **/
wbcErr wbcLookupName(const char *dom_name,
                     const char *name,
                     struct wbcDomainSid *sid,
                     enum wbcSidType *name_type);

/**
 * @brief Resolve a SID to a domain and name
 *
 * @param sid        SID to look up
 * @param domain     receives an allocated domain string
 * @param name       receives an allocated name string
 * @param name_type  receives the type of the resolved object
 * @return           WBC_ERR_SUCCESS or an error code
 *
 * NOTE(review): ownership of *domain and *name is not stated here;
 * presumably both are released with wbcFreeMemory() -- confirm.
 **/
wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
                    char **domain,
                    char **name,
                    enum wbcSidType *name_type);

/**
 * @brief Resolve several RIDs within one domain to names
 *
 * @param dom_sid      domain SID (NOTE(review): not const-qualified, unlike
 *                     the other lookup functions; it is unclear from this
 *                     header whether it is modified)
 * @param num_rids     number of entries in @p rids.  Declared as int: the
 *                     implementation must reject negative values before
 *                     using it as a count.
 * @param rids         array of RIDs to resolve
 * @param domain_name  receives the domain name
 * @param names        receives an array of @p num_rids name strings
 * @param types        receives an array of @p num_rids types
 * @return             WBC_ERR_SUCCESS or an error code
 *
 * NOTE(review): the release procedure for the three outputs is not stated
 * here -- confirm whether each is a separate wbcFreeMemory() call.
 **/
wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
                     int num_rids,
                     uint32_t *rids,
                     const char **domain_name,
                     const char ***names,
                     enum wbcSidType **types);
300
301 /*
302  * SID/uid/gid Mappings
303  */
304
/**
 * @brief Map a SID to a Unix uid
 *
 * @param sid   SID to map
 * @param puid  receives the uid on success
 * @return      WBC_ERR_SUCCESS or an error code
 **/
wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
                   uid_t *puid);

/**
 * @brief Map a Unix uid to a SID
 *
 * @param uid   uid to map
 * @param sid   caller-provided output SID
 * @return      WBC_ERR_SUCCESS or an error code
 **/
wbcErr wbcUidToSid(uid_t uid,
                   struct wbcDomainSid *sid);

/**
 * @brief Map a SID to a Unix gid
 *
 * @param sid   SID to map
 * @param pgid  receives the gid on success
 * @return      WBC_ERR_SUCCESS or an error code
 **/
wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
                   gid_t *pgid);

/**
 * @brief Map a Unix gid to a SID
 *
 * @param gid   gid to map
 * @param sid   caller-provided output SID
 * @return      WBC_ERR_SUCCESS or an error code
 **/
wbcErr wbcGidToSid(gid_t gid,
                   struct wbcDomainSid *sid);

/**
 * @brief Obtain a fresh uid from winbind's allocation range
 *
 * @param puid  receives the allocated uid
 * @return      WBC_ERR_SUCCESS or an error code
 **/
wbcErr wbcAllocateUid(uid_t *puid);

/**
 * @brief Obtain a fresh gid from winbind's allocation range
 *
 * @param pgid  receives the allocated gid.  NOTE(review): declared as
 *              uid_t * although it carries a gid; gid_t * would match
 *              wbcSidToGid()/wbcGidToSid().  Changing it alters the
 *              public prototype, so it is only flagged here.
 * @return      WBC_ERR_SUCCESS or an error code
 **/
wbcErr wbcAllocateGid(uid_t *pgid);
320
321 /*
322  * NSS Lookup User/Group details
323  */
324
/*
 * NSS-style lookups.  Each ** output receives a library-allocated record;
 * NOTE(review): presumably released with wbcFreeMemory() -- confirm.
 *
 * The set/get/end enumeration functions keep their cursor inside the
 * library.  Whether that state is per-process or per-thread is not visible
 * here; confirm before calling them from more than one thread.
 */

/** @brief Look up a user by name; *pwd receives the record on success. */
wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);

/** @brief Look up a user by uid; *pwd receives the record on success. */
wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);

/** @brief Look up a group by name; *grp receives the record on success. */
wbcErr wbcGetgrnam(const char *name, struct group **grp);

/** @brief Look up a group by gid; *grp receives the record on success. */
wbcErr wbcGetgrgid(gid_t gid, struct group **grp);

/** @brief Start (or rewind) user enumeration. */
wbcErr wbcSetpwent(void);

/** @brief Finish user enumeration. */
wbcErr wbcEndpwent(void);

/** @brief Fetch the next user of the enumeration started by wbcSetpwent(). */
wbcErr wbcGetpwent(struct passwd **pwd);

/** @brief Start (or rewind) group enumeration. */
wbcErr wbcSetgrent(void);

/** @brief Finish group enumeration. */
wbcErr wbcEndgrent(void);

/** @brief Fetch the next group of the enumeration started by wbcSetgrent(). */
wbcErr wbcGetgrent(struct group **grp);

344
345
346 /*
347  * Lookup Domain information
348  */
349
/**
 * @brief Fetch information about a domain
 *
 * @param domain  domain name to query
 * @param info    receives a library-allocated struct wbcDomainInfo;
 *                NOTE(review): presumably released with wbcFreeMemory()
 * @return        WBC_ERR_SUCCESS, WBC_ERR_DOMAIN_NOT_FOUND, or another code
 **/
wbcErr wbcDomainInfo(const char *domain,
                     struct wbcDomainInfo **info);

/**
 * @brief Query domain sequence numbers
 *
 * NOTE(review): this prototype has no output parameter, so whatever it
 * reports is not visible from this header -- confirm against the
 * implementation.
 *
 * @return WBC_ERR_SUCCESS or an error code
 **/
wbcErr wbcDomainSequenceNumbers(void);
354
355 /*
 * Authentication functions
357  */
358
/**
 * @brief Authenticate a user with a cleartext password
 *
 * Convenience wrapper around the same operation as
 * wbcAuthenticateUserEx() at WBC_AUTH_USER_LEVEL_PLAIN (presumably; the
 * relationship is not stated in this header).  The password is a secret:
 * zeroize the caller's buffer once the call returns and never log it.
 *
 * @param username  account to authenticate
 * @param password  cleartext password
 * @return          WBC_ERR_SUCCESS on success, WBC_ERR_AUTH_ERROR on
 *                  authentication failure, or another error code.  Anything
 *                  other than WBC_ERR_SUCCESS must be treated as "not
 *                  authenticated".
 **/
wbcErr wbcAuthenticateUser(const char *username,
                           const char *password);

/**
 * @brief Authenticate a user with full parameter control
 *
 * @param params  caller-owned parameters; see struct wbcAuthUserParams for
 *                how 'level' selects the credential union
 * @param info    receives a library-allocated struct wbcAuthUserInfo on
 *                success; it carries session keys, so release it (after
 *                zeroizing the keys if unused) with wbcFreeMemory()
 *                (presumably -- confirm)
 * @param error   receives a library-allocated struct wbcAuthErrorInfo on
 *                failure (presumably -- confirm); release with wbcFreeMemory()
 * @return        WBC_ERR_SUCCESS on success, WBC_ERR_AUTH_ERROR on
 *                authentication failure, or another error code.  Only
 *                WBC_ERROR_IS_OK() means the user is authenticated.
 *
 * NOTE(review): whether @p info and @p error may be NULL is not stated in
 * this header -- confirm against the implementation.
 **/
wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
                             struct wbcAuthUserInfo **info,
                             struct wbcAuthErrorInfo **error);
365
366 #endif      /* _WBCLIENT_H */