2 Unix SMB/CIFS implementation.
4 Winbind daemon for ntdom nss module
6 Copyright (C) Tim Potter 2000
8 You are free to use this interface definition in any way you see
9 fit, including without restriction, using this header in your own
10 products. You do not need to give any attribution.
15 #define CONST_DISCARD(type, ptr) ((type) ((void *) (ptr)))
19 #define CONST_ADD(type, ptr) ((type) ((const void *) (ptr)))
23 #define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
26 #ifndef _WINBINDD_NTDOM_H
27 #define _WINBINDD_NTDOM_H
29 #define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
30 #define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
31 #define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
32 #define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
33 #define WINBINDD_DONT_ENV "_NO_WINBINDD"
35 /* Update this when you change the interface. */
37 #define WINBIND_INTERFACE_VERSION 15
43 WINBINDD_INTERFACE_VERSION, /* Always a well known value */
45 /* Get users and groups */
53 /* Enumerate users and groups */
62 /* PAM authenticate and password change */
65 WINBINDD_PAM_AUTH_CRAP,
66 WINBINDD_PAM_CHAUTHTOK,
69 /* List various things */
71 WINBINDD_LIST_USERS, /* List w/o rid->id mapping */
72 WINBINDD_LIST_GROUPS, /* Ditto */
73 WINBINDD_LIST_TRUSTDOM,
81 /* Lookup functions */
88 WINBINDD_ALLOCATE_UID,
89 WINBINDD_ALLOCATE_GID,
91 /* Miscellaneous other stuff */
93 WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
94 WINBINDD_PING, /* Just tell me winbind is running */
95 WINBINDD_INFO, /* Various bit of info. Currently just tidbits */
96 WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */
98 WINBINDD_DOMAIN_INFO, /* Most of what we know from
99 struct winbindd_domain */
100 WINBINDD_GETDCNAME, /* Issue a GetDCName Request */
102 WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
107 WINBINDD_WINS_BYNAME,
109 /* this is like GETGRENT but gives an empty group list */
112 WINBINDD_NETBIOS_NAME, /* The netbios name of the server */
114 /* find the location of our privileged pipe */
115 WINBINDD_PRIV_PIPE_DIR,
117 /* return a list of group sids for a user sid */
118 WINBINDD_GETUSERSIDS,
120 /* Various group queries */
121 WINBINDD_GETUSERDOMGROUPS,
123 /* Initialize connection in a child */
124 WINBINDD_INIT_CONNECTION,
126 /* Blocking calls that are not allowed on the main winbind pipe, only
127 * between parent and children */
128 WINBINDD_DUAL_SID2UID,
129 WINBINDD_DUAL_SID2GID,
130 WINBINDD_DUAL_IDMAPSET,
132 /* Wrapper around possibly blocking unix nss calls */
133 WINBINDD_DUAL_UID2NAME,
134 WINBINDD_DUAL_NAME2UID,
135 WINBINDD_DUAL_GID2NAME,
136 WINBINDD_DUAL_NAME2GID,
138 WINBINDD_DUAL_USERINFO,
139 WINBINDD_DUAL_GETSIDALIASES,
144 typedef struct winbindd_pw {
155 typedef struct winbindd_gr {
160 uint32 gr_mem_ofs; /* offset to group membership */
164 #define WBFLAG_PAM_INFO3_NDR 0x0001
165 #define WBFLAG_PAM_INFO3_TEXT 0x0002
166 #define WBFLAG_PAM_USER_SESSION_KEY 0x0004
167 #define WBFLAG_PAM_LMKEY 0x0008
168 #define WBFLAG_PAM_CONTACT_TRUSTDOM 0x0010
169 #define WBFLAG_QUERY_ONLY 0x0020
170 #define WBFLAG_PAM_UNIX_NAME 0x0080
171 #define WBFLAG_PAM_AFS_TOKEN 0x0100
172 #define WBFLAG_PAM_NT_STATUS_SQUASH 0x0200
174 /* This is a flag that can only be sent from parent to child */
175 #define WBFLAG_IS_PRIVILEGED 0x0400
176 /* Flag to say this is a winbindd internal send - don't recurse. */
177 #define WBFLAG_RECURSE 0x0800
179 #define WBFLAG_PAM_KRB5 0x1000
180 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000
181 #define WBFLAG_PAM_CACHED_LOGIN 0x4000
182 #define WBFLAG_PAM_GET_PWD_POLICY 0x8000
184 #define WINBINDD_MAX_EXTRA_DATA (128*1024)
186 /* Winbind request structure */
188 struct winbindd_request {
190 enum winbindd_cmd cmd; /* Winbindd command to execute */
191 pid_t pid; /* pid of calling process */
192 uint32 flags; /* flags relavant to a given request */
193 fstring domain_name; /* name of domain for which the request applies */
196 fstring winsreq; /* WINS request */
197 fstring username; /* getpwnam */
198 fstring groupname; /* getgrnam */
199 uid_t uid; /* getpwuid, uid_to_sid */
200 gid_t gid; /* getgrgid, gid_to_sid */
202 /* We deliberatedly don't split into domain/user to
203 avoid having the client know what the separator
207 fstring require_membership_of_sid;
208 fstring krb5_cc_type;
210 } auth; /* pam_winbind auth module */
212 unsigned char chal[8];
213 uint32 logon_parameters;
221 fstring require_membership_of_sid;
227 } chauthtok; /* pam_winbind passwd module */
232 } logoff; /* pam_winbind session module */
233 fstring sid; /* lookupsid, sid_to_[ug]id */
235 fstring dom_name; /* lookupname */
238 uint32 num_entries; /* getpwent, getgrent */
258 BOOL list_all_domains;
270 /* Response values */
272 enum winbindd_result {
278 /* Winbind response structure */
280 struct winbindd_response {
282 /* Header information */
284 uint32 length; /* Length of response */
285 enum winbindd_result result; /* Result code */
287 /* Fixed length return data */
290 int interface_version; /* Try to ensure this is always in the same spot... */
292 fstring winsresp; /* WINS response */
294 /* getpwnam, getpwuid */
296 struct winbindd_pw pw;
298 /* getgrnam, getgrgid */
300 struct winbindd_gr gr;
302 uint32 num_entries; /* getpwent, getgrent */
303 struct winbindd_sid {
304 fstring sid; /* lookupname, [ug]id_to_sid */
307 struct winbindd_name {
308 fstring dom_name; /* lookupsid */
312 uid_t uid; /* sid_to_uid */
313 gid_t gid; /* sid_to_gid */
314 struct winbindd_info {
315 char winbind_separator;
316 fstring samba_version;
319 fstring netbios_name;
324 fstring nt_status_string;
325 fstring error_string;
327 char user_session_key[16];
328 char first_8_lm_hash[8];
330 struct policy_settings {
331 uint16 min_length_password;
332 uint16 password_history;
333 uint32 password_properties;
335 time_t min_passwordage;
337 uint32 reject_reason;
342 time_t pass_last_set_time;
343 time_t pass_can_change_time;
344 time_t pass_must_change_time;
353 uint32 num_other_sids;
356 fstring logon_script;
357 fstring profile_path;
369 BOOL active_directory;
371 uint32 sequence_number;
382 /* Variable length return data */
392 struct WINBINDD_CCACHE_ENTRY {
393 const char *principal_name;
396 const char *username;
397 const char *sid_string;
404 struct timed_event *event;
405 struct WINBINDD_CCACHE_ENTRY *next, *prev;