2 Unix SMB/CIFS implementation.
6 Copyright (C) Gerald (Jerry) Carter 2007
8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Lesser General Public
10 License as published by the Free Software Foundation; either
11 version 3 of the License, or (at your option) any later version.
13 This library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Library General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
28 /* Define error types */
31 * @brief Status codes returned from wbc functions
35 WBC_ERR_SUCCESS = 0, /**< Successful completion **/
36 WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
37 WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
38 WBC_ERR_NO_MEMORY, /**< Memory allocation error **/
39 WBC_ERR_INVALID_SID, /**< Invalid SID format **/
40 WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/
41 WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/
42 WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/
43 WBC_INVALID_RESPONSE, /**< Winbind returned an invalid response **/
44 WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/
45 WBC_ERR_AUTH_ERROR /**< Authentication failed **/
48 typedef enum _wbcErrType wbcErr;
50 #define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
52 const char *wbcErrorString(wbcErr error);
55 * Data types used by the Winbind Client API
59 #define MAXSUBAUTHS 15 /* max sub authorities in a SID */
63 * @brief Windows Security Identifier
71 uint32_t sub_auths[MAXSUBAUTHS];
75 * @brief Security Identifier type
79 WBC_SID_NAME_USE_NONE=0,
81 WBC_SID_NAME_DOM_GRP=2,
82 WBC_SID_NAME_DOMAIN=3,
84 WBC_SID_NAME_WKN_GRP=5,
85 WBC_SID_NAME_DELETED=6,
86 WBC_SID_NAME_INVALID=7,
87 WBC_SID_NAME_UNKNOWN=8,
88 WBC_SID_NAME_COMPUTER=9
92 * @brief Security Identifier with attributes
95 struct wbcSidWithAttr {
96 struct wbcDomainSid sid;
100 /* wbcSidWithAttr->attributes */
102 #define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001
103 #define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002
104 #define WBC_SID_ATTR_GROUP_ENABLED 0x00000004
105 #define WBC_SID_ATTR_GROUP_OWNER 0x00000008
106 #define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010
107 #define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000
108 #define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000
111 * @brief Domain Information
114 struct wbcDomainInfo {
117 struct wbcDomainSid sid;
121 /* wbcDomainInfo->flags */
123 #define WBC_DOMINFO_NATIVE 0x00000001
124 #define WBC_DOMINFO_AD 0x00000002
125 #define WBC_DOMINFO_PRIMARY 0x00000004
128 * @brief Auth User Parameters
131 struct wbcAuthUserParams {
132 const char *account_name;
133 const char *domain_name;
134 const char *workstation_name;
138 uint32_t parameter_control;
140 enum wbcAuthUserLevel {
141 WBC_AUTH_USER_LEVEL_PLAIN = 1,
142 WBC_AUTH_USER_LEVEL_HASH = 2,
143 WBC_AUTH_USER_LEVEL_RESPONSE = 3
146 const char *plaintext;
152 uint8_t challenge[8];
161 /* wbcAuthUserParams->parameter_control */
163 #define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002
164 #define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004
165 #define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008
166 #define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020
167 #define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200
168 #define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800
170 /* wbcAuthUserParams->flags */
172 #define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001
175 * @brief Auth User Information
177 * Some of the strings are maybe NULL
180 struct wbcAuthUserInfo {
184 char *user_principal;
187 char *dns_domain_name;
190 uint8_t user_session_key[16];
191 uint8_t lm_session_key[8];
193 uint16_t logon_count;
194 uint16_t bad_password_count;
197 uint64_t logoff_time;
198 uint64_t kickoff_time;
199 uint64_t pass_last_set_time;
200 uint64_t pass_can_change_time;
201 uint64_t pass_must_change_time;
206 char *home_directory;
210 * the 1st one is the account sid
211 * the 2nd one is the primary_group sid
212 * followed by the rest of the groups
215 struct wbcSidWithAttr *sids;
218 /* wbcAuthUserInfo->user_flags */
220 #define WBC_AUTH_USER_INFO_GUEST 0x00000001
221 #define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002
222 #define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004
223 #define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008
224 #define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020
225 #define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040
226 #define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080
227 #define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100
228 #define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200
229 #define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400
230 #define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000
232 /* wbcAuthUserInfo->acct_flags */
234 #define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */
235 #define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */
236 #define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */
237 #define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */
238 #define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */
239 #define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */
240 #define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */
241 #define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */
242 #define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */
243 #define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */
244 #define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */
245 #define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encryped text password is allowed */
246 #define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */
247 #define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */
248 #define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */
249 #define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */
250 #define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */
251 #define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */
252 #define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */
254 struct wbcAuthErrorInfo {
258 char *display_string;
265 void wbcFreeMemory(void*);
269 * Utility functions for dealing with SIDs
272 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
275 wbcErr wbcStringToSid(const char *sid_string,
276 struct wbcDomainSid *sid);
278 wbcErr wbcPing(void);
281 * Name/SID conversion
284 wbcErr wbcLookupName(const char *dom_name,
286 struct wbcDomainSid *sid,
287 enum wbcSidType *name_type);
289 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
292 enum wbcSidType *name_type);
294 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
297 const char **domain_name,
299 enum wbcSidType **types);
302 * SID/uid/gid Mappings
305 wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
308 wbcErr wbcUidToSid(uid_t uid,
309 struct wbcDomainSid *sid);
311 wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
314 wbcErr wbcGidToSid(gid_t gid,
315 struct wbcDomainSid *sid);
317 wbcErr wbcAllocateUid(uid_t *puid);
319 wbcErr wbcAllocateGid(uid_t *pgid);
322 * NSS Lookup User/Group details
325 wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);
327 wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
329 wbcErr wbcGetgrnam(const char *name, struct group **grp);
331 wbcErr wbcGetgrgid(gid_t gid, struct group **grp);
333 wbcErr wbcSetpwent(void);
335 wbcErr wbcEndpwent(void);
337 wbcErr wbcGetpwent(struct passwd **pwd);
339 wbcErr wbcSetgrent(void);
341 wbcErr wbcEndgrent(void);
343 wbcErr wbcGetgrent(struct group **grp);
347 * Lookup Domain information
350 wbcErr wbcDomainInfo(const char *domain,
351 struct wbcDomainInfo **info);
353 wbcErr wbcDomainSequenceNumbers(void);
356 * Athenticate functions
359 wbcErr wbcAuthenticateUser(const char *username,
360 const char *password);
362 wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
363 struct wbcAuthUserInfo **info,
364 struct wbcAuthErrorInfo **error);
366 #endif /* _WBCLIENT_H */