r16945: Sync trunk -> 3.0 for 3.0.24 code. Still need
[idra/samba.git] / source3 / nsswitch / winbindd_nss.h
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind daemon for ntdom nss module
5
6    Copyright (C) Tim Potter 2000
7    
8    You are free to use this interface definition in any way you see
9    fit, including without restriction, using this header in your own
10    products. You do not need to give any attribution.  
11 */
12
13
/* Helper macros.  Each one is guarded, so a definition made earlier by
   another header takes precedence over the one given here. */
14 #ifndef CONST_DISCARD
/* Casts ptr to type by way of void *, which drops a const qualifier.
   Writing through the result to an object that was defined const is
   undefined behaviour; use it only where the pointee is known to be
   writable. */
15 #define CONST_DISCARD(type, ptr)      ((type) ((void *) (ptr)))
16 #endif
17
18 #ifndef CONST_ADD
/* Casts ptr to type by way of const void *. */
19 #define CONST_ADD(type, ptr)          ((type) ((const void *) (ptr)))
20 #endif
21
22 #ifndef SAFE_FREE
/* Frees x when it is non-NULL and then sets x to NULL, so a repeated
   SAFE_FREE on the same variable does nothing instead of freeing twice.
   x is expanded three times and is assigned to: pass a plain lvalue with
   no side effects. */
23 #define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
24 #endif
25
26 #ifndef _WINBINDD_NTDOM_H
27 #define _WINBINDD_NTDOM_H
28
/* Names used by clients to find winbindd.  WINBINDD_SOCKET_DIR is a fixed
   path under /tmp.  NOTE(review): a client should check the owner and mode
   of that directory and of the socket inside it before trusting whatever
   answers there; whether the client code does so is not visible in this
   header. */
29 #define WINBINDD_SOCKET_NAME "pipe"            /* Name of PF_UNIX socket */
30 #define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"  /* Name of PF_UNIX dir */
31 #define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
32 #define WINBINDD_DOMAIN_ENV  "WINBINDD_DOMAIN" /* Environment variables */
/* NOTE(review): presumably a client that finds this variable set does not
   contact winbindd at all -- confirm against the client code. */
33 #define WINBINDD_DONT_ENV    "_NO_WINBINDD"
34
35 /* Update this when you change the interface.  */
/* NOTE(review): presumably "the interface" covers the order of
   enum winbindd_cmd and the layout of struct winbindd_request and
   struct winbindd_response below, since both sides share these
   definitions -- confirm with the version check in the client. */
36
37 #define WINBIND_INTERFACE_VERSION 15
38
39 /* Socket commands */
40
/* Command codes carried in winbindd_request.cmd.  No enumerator has an
   explicit value, so each code is simply its position in this list:
   inserting, removing or reordering an entry renumbers every command after
   it.  WINBINDD_NUM_CMDS is last and therefore equals the number of
   commands.
   NOTE(review): cmd is filled in by the peer; a dispatcher should reject
   values outside 0 .. WINBINDD_NUM_CMDS-1 before using cmd as an index.
   The dispatch code is not part of this header. */
41 enum winbindd_cmd {
42
43         WINBINDD_INTERFACE_VERSION,    /* Always a well known value */
44
45         /* Get users and groups */
46
47         WINBINDD_GETPWNAM,
48         WINBINDD_GETPWUID,
49         WINBINDD_GETGRNAM,
50         WINBINDD_GETGRGID,
51         WINBINDD_GETGROUPS,
52
53         /* Enumerate users and groups */
54
55         WINBINDD_SETPWENT,
56         WINBINDD_ENDPWENT,
57         WINBINDD_GETPWENT,
58         WINBINDD_SETGRENT,
59         WINBINDD_ENDGRENT,
60         WINBINDD_GETGRENT,
61
62         /* PAM authenticate and password change */
63
64         WINBINDD_PAM_AUTH,
65         WINBINDD_PAM_AUTH_CRAP,
66         WINBINDD_PAM_CHAUTHTOK,
67         WINBINDD_PAM_LOGOFF,
68
69         /* List various things */
70
71         WINBINDD_LIST_USERS,         /* List w/o rid->id mapping */
72         WINBINDD_LIST_GROUPS,        /* Ditto */
73         WINBINDD_LIST_TRUSTDOM,
74
75         /* SID conversion */
76
77         WINBINDD_LOOKUPSID,
78         WINBINDD_LOOKUPNAME,
79         WINBINDD_LOOKUPRIDS,
80
81         /* Lookup functions */
82
83         WINBINDD_SID_TO_UID,       
84         WINBINDD_SID_TO_GID,
85         WINBINDD_UID_TO_SID,
86         WINBINDD_GID_TO_SID,
87
88         WINBINDD_ALLOCATE_UID,
89         WINBINDD_ALLOCATE_GID,
90
91         /* Miscellaneous other stuff */
92
93         WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */
94         WINBINDD_PING,              /* Just tell me winbind is running */
95         WINBINDD_INFO,              /* Various bit of info.  Currently just tidbits */
96         WINBINDD_DOMAIN_NAME,       /* The domain this winbind server is a member of (lp_workgroup()) */
97
98         WINBINDD_DOMAIN_INFO,   /* Most of what we know from
99                                    struct winbindd_domain */
100         WINBINDD_GETDCNAME,     /* Issue a GetDCName Request */
101
102         WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
103
104         /* WINS commands */
105
106         WINBINDD_WINS_BYIP,
107         WINBINDD_WINS_BYNAME,
108
109         /* this is like GETGRENT but gives an empty group list */
110         WINBINDD_GETGRLST,
111
112         WINBINDD_NETBIOS_NAME,       /* The netbios name of the server */
113
114         /* find the location of our privileged pipe */
115         WINBINDD_PRIV_PIPE_DIR,
116
117         /* return a list of group sids for a user sid */
118         WINBINDD_GETUSERSIDS,
119
120         /* Various group queries */
121         WINBINDD_GETUSERDOMGROUPS,
122
123         /* Initialize connection in a child */
124         WINBINDD_INIT_CONNECTION,
125
126         /* Blocking calls that are not allowed on the main winbind pipe, only
127          * between parent and children */
           /* NOTE(review): nothing in this enum separates these codes from
            * the client-facing ones; the restriction stated above has to be
            * enforced where commands read from a client socket are
            * dispatched, which is not visible here. */
128         WINBINDD_DUAL_SID2UID,
129         WINBINDD_DUAL_SID2GID,
130         WINBINDD_DUAL_IDMAPSET,
131
132         /* Wrapper around possibly blocking unix nss calls */
133         WINBINDD_DUAL_UID2NAME,
134         WINBINDD_DUAL_NAME2UID,
135         WINBINDD_DUAL_GID2NAME,
136         WINBINDD_DUAL_NAME2GID,
137
138         WINBINDD_DUAL_USERINFO,
139         WINBINDD_DUAL_GETSIDALIASES,
140
           /* Count of the commands above; keep it as the last entry. */
141         WINBINDD_NUM_CMDS
142 };
143
/* Password-database record; struct winbindd_response carries one as
   data.pw for getpwnam and getpwuid.  Every string is a fixed-size fstring
   buffer (fstring is declared elsewhere; its size is not visible here).
   NOTE(review): a consumer should make sure each buffer is NUL-terminated
   before treating it as a C string -- confirm where that is done. */
144 typedef struct winbindd_pw {
145         fstring pw_name;
146         fstring pw_passwd;
147         uid_t pw_uid;
148         gid_t pw_gid;
149         fstring pw_gecos;
150         fstring pw_dir;
151         fstring pw_shell;
152 } WINBINDD_PW;
153
154
/* Group-database record; struct winbindd_response carries one as data.gr
   for getgrnam and getgrgid.  The member list is not stored inline: the
   record holds only a member count and an offset.
   NOTE(review): presumably gr_mem_ofs is an offset into the response's
   variable-length extra data.  Both num_gr_mem and gr_mem_ofs come from the
   peer, so a consumer should check them against the amount of extra data
   actually received before following the offset -- confirm at the call
   sites. */
155 typedef struct winbindd_gr {
156         fstring gr_name;
157         fstring gr_passwd;
158         gid_t gr_gid;
159         uint32 num_gr_mem;
160         uint32 gr_mem_ofs;   /* offset to group membership */
161 } WINBINDD_GR;
162
163
/* Bit values for winbindd_request.flags.  Bit 0x0040 is not assigned in
   this list. */
164 #define WBFLAG_PAM_INFO3_NDR            0x0001
165 #define WBFLAG_PAM_INFO3_TEXT           0x0002
166 #define WBFLAG_PAM_USER_SESSION_KEY     0x0004
167 #define WBFLAG_PAM_LMKEY                0x0008
168 #define WBFLAG_PAM_CONTACT_TRUSTDOM     0x0010
169 #define WBFLAG_QUERY_ONLY               0x0020
170 #define WBFLAG_PAM_UNIX_NAME            0x0080
171 #define WBFLAG_PAM_AFS_TOKEN            0x0100
172 #define WBFLAG_PAM_NT_STATUS_SQUASH     0x0200
173
174 /* This is a flag that can only be sent from parent to child */
/* NOTE(review): flags is an ordinary field of the request, which the
   sender fills in, so the rule above is not enforced by this definition.
   The side that reads requests from a client socket has to clear or reject
   this bit; that code is not visible here. */
175 #define WBFLAG_IS_PRIVILEGED            0x0400
176 /* Flag to say this is a winbindd internal send - don't recurse. */
177 #define WBFLAG_RECURSE                  0x0800
178
179 #define WBFLAG_PAM_KRB5                 0x1000
180 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5  0x2000
181 #define WBFLAG_PAM_CACHED_LOGIN         0x4000
182 #define WBFLAG_PAM_GET_PWD_POLICY       0x8000
183
/* 128 KiB.  NOTE(review): presumably the upper bound a receiver applies to
   extra_len before allocating or reading extra data -- confirm at the read
   sites. */
184 #define WINBINDD_MAX_EXTRA_DATA (128*1024)
185
186 /* Winbind request structure */
187
/* Request sent to winbindd: a fixed header, a union selected by cmd, and
   an optional variable-length tail described by extra_data / extra_len.
   NOTE(review): the explicit length field and the pointer embedded in
   extra_data suggest the struct is written to the socket as raw bytes --
   confirm against the socket read/write code.  If so, every field is
   peer-controlled on the receiving side, and the layout depends on the
   build (uid_t, gid_t, pid_t, BOOL and pointer sizes). */
188 struct winbindd_request {
           /* NOTE(review): presumably the size of this struct as seen by
              the sender; a receiver should compare it with its own sizeof
              before trusting the rest -- confirm. */
189         uint32 length;
190         enum winbindd_cmd cmd;   /* Winbindd command to execute */
           /* NOTE(review): pid is reported by the caller itself, so it
              identifies nothing reliably; it should not be used for access
              decisions. */
191         pid_t pid;               /* pid of calling process */
192         uint32 flags;            /* flags relevant to a given request */
193         fstring domain_name;    /* name of domain for which the request applies */
194
195         union {
196                 fstring winsreq;     /* WINS request */
197                 fstring username;    /* getpwnam */
198                 fstring groupname;   /* getgrnam */
199                 uid_t uid;           /* getpwuid, uid_to_sid */
200                 gid_t gid;           /* getgrgid, gid_to_sid */
                   /* NOTE(review): pass here, and oldpass / newpass in
                      chauthtok below, presumably hold cleartext passwords.
                      Buffers that held a request of these kinds should be
                      wiped once it has been handled -- confirm where that
                      happens. */
201                 struct {
202                         /* We deliberately don't split into domain/user to
203                            avoid having the client know what the separator
204                            character is. */     
205                         fstring user;
206                         fstring pass;
207                         fstring require_membership_of_sid;
208                         fstring krb5_cc_type;
209                         uid_t uid;
210                 } auth;              /* pam_winbind auth module */
                   /* Challenge/response authentication.  lm_resp_len and
                      nt_resp_len travel next to fixed-size buffers.
                      NOTE(review): a receiver should check each length
                      against sizeof the matching buffer before copying or
                      hashing that many bytes -- confirm at the handler. */
211                 struct {
212                         unsigned char chal[8];
213                         uint32 logon_parameters;
214                         fstring user;
215                         fstring domain;
216                         fstring lm_resp;
217                         uint16 lm_resp_len;
218                         fstring nt_resp;
219                         uint16 nt_resp_len;
220                         fstring workstation;
221                         fstring require_membership_of_sid;
222                 } auth_crap;
223                 struct {
224                     fstring user;
225                     fstring oldpass;
226                     fstring newpass;
227                 } chauthtok;         /* pam_winbind passwd module */
228                 struct {
229                         fstring user;
230                         fstring krb5ccname;
231                         uid_t uid;
232                 } logoff;              /* pam_winbind session module */
233                 fstring sid;         /* lookupsid, sid_to_[ug]id */
234                 struct {
235                         fstring dom_name;       /* lookupname */
236                         fstring name;       
237                 } name;
238                 uint32 num_entries;  /* getpwent, getgrent */
239                 struct {
240                         fstring username;
241                         fstring groupname;
242                 } acct_mgt;
243                 struct {
244                         BOOL is_primary;
245                         fstring dcname;
246                 } init_conn;
247                 struct {
248                         fstring sid;
249                         fstring name;
250                         BOOL alloc;
251                 } dual_sid2id;
252                 struct {
253                         int type;
254                         uid_t uid;
255                         gid_t gid;
256                         fstring sid;
257                 } dual_idmapset;
258                 BOOL list_all_domains;
259         } data;
           /* Variable-length tail.  z is compiled in only when uint64 is a
              preprocessor macro; it makes the union at least as large as a
              uint64 (presumably to keep the struct size independent of the
              pointer width -- TODO confirm).
              NOTE(review): a pointer value that arrived from another
              process means nothing in this one.  The receiver should
              overwrite data rather than dereference it, and should bound
              extra_len (see WINBINDD_MAX_EXTRA_DATA) before allocating. */
260         union {
261 #if defined(uint64)
262                 uint64 z;
263 #endif
264                 char *data;
265         } extra_data;
266         uint32 extra_len;
           /* Purpose not stated here; the name suggests a byte kept at 0 to
              terminate the request -- confirm. */
267         char null_term;
268 };
269
270 /* Response values */
271
/* Result code carried in winbindd_response.result.  WINBINDD_ERROR is the
   first enumerator and so has the value 0: a zero-filled response reads as
   an error, not as success. */
272 enum winbindd_result {
273         WINBINDD_ERROR,
274         WINBINDD_PENDING,
275         WINBINDD_OK
276 };
277
278 /* Winbind response structure */
279
/* Response returned by winbindd: a header, a fixed-size union whose valid
   member depends on the command that was asked, and an optional
   variable-length tail reached through extra_data.
   NOTE(review): as with the request, the layout suggests the struct is
   exchanged as raw bytes -- confirm.  If so, a client should treat every
   field as untrusted until the socket itself has been verified, and the
   layout depends on the build (time_t, uid_t, gid_t, BOOL and pointer
   sizes). */
280 struct winbindd_response {
281     
282         /* Header information */
283
           /* NOTE(review): presumably the struct size plus the size of any
              extra data that follows; a reader should bound it before
              allocating -- confirm at the read site. */
284         uint32 length;                        /* Length of response */
285         enum winbindd_result result;          /* Result code */
286
287         /* Fixed length return data */
288         
289         union {
290                 int interface_version;  /* Try to ensure this is always in the same spot... */
291                 
292                 fstring winsresp;               /* WINS response */
293
294                 /* getpwnam, getpwuid */
295                 
296                 struct winbindd_pw pw;
297
298                 /* getgrnam, getgrgid */
299
300                 struct winbindd_gr gr;
301
302                 uint32 num_entries; /* getpwent, getgrent */
303                 struct winbindd_sid {
304                         fstring sid;        /* lookupname, [ug]id_to_sid */
305                         int type;
306                 } sid;
307                 struct winbindd_name {
308                         fstring dom_name;       /* lookupsid */
309                         fstring name;       
310                         int type;
311                 } name;
312                 uid_t uid;          /* sid_to_uid */
313                 gid_t gid;          /* sid_to_gid */
314                 struct winbindd_info {
315                         char winbind_separator;
316                         fstring samba_version;
317                 } info;
318                 fstring domain_name;
319                 fstring netbios_name;
320                 fstring dc_name;
321
                   /* Authentication result.  user_session_key and
                      first_8_lm_hash are, going by their names, key
                      material derived from the logon.
                      NOTE(review): presumably they are filled only when the
                      request asked for them (WBFLAG_PAM_USER_SESSION_KEY,
                      WBFLAG_PAM_LMKEY) -- confirm.  Buffers that held an
                      auth reply should be wiped after use. */
322                 struct auth_reply {
323                         uint32 nt_status;
324                         fstring nt_status_string;
325                         fstring error_string;
326                         int pam_error;
327                         char user_session_key[16];
328                         char first_8_lm_hash[8];
329                         fstring krb5ccname;
330                         struct policy_settings {
331                                 uint16 min_length_password;
332                                 uint16 password_history;
333                                 uint32 password_properties;
334                                 time_t expire;
335                                 time_t min_passwordage;
336                         } policy;
337                         uint32 reject_reason;
338                         struct info3_text {
339                                 time_t logon_time;
340                                 time_t logoff_time;
341                                 time_t kickoff_time;
342                                 time_t pass_last_set_time;
343                                 time_t pass_can_change_time;
344                                 time_t pass_must_change_time;
345                                 uint16 logon_count;
346                                 uint16 bad_pw_count;
347                                 uint32 user_rid;
348                                 uint32 group_rid;
349                                 fstring dom_sid;
350                                 uint32 num_groups;
351                                 uint32 user_flgs;
352                                 uint32 acct_flags;
353                                 uint32 num_other_sids;
354                                 fstring user_name;
355                                 fstring full_name;
356                                 fstring logon_script;
357                                 fstring profile_path;
358                                 fstring home_dir;
359                                 fstring dir_drive;
360                                 fstring logon_srv;
361                                 fstring logon_dom;
362                         } info3;
363                 } auth;
364                 struct {
365                         fstring name;
366                         fstring alt_name;
367                         fstring sid;
368                         BOOL native_mode;
369                         BOOL active_directory;
370                         BOOL primary;
371                         uint32 sequence_number;
372                 } domain_info;
373                 struct {
374                         fstring acct_name;
375                         fstring full_name;
376                         fstring homedir;
377                         fstring shell;
378                         uint32 group_rid;
379                 } user_info;
380         } data;
381
382         /* Variable length return data */
383
           /* z is compiled in only when uint64 is a preprocessor macro.
              NOTE(review): a data pointer received from the peer must not
              be dereferenced; the reader should replace it with a buffer it
              allocated itself after bounding the size. */
384         union {
385 #if defined(uint64)
386                 uint64 z;
387 #endif
388                 void *data;
389         } extra_data;
390 };
391
/* Node of a doubly linked list (next / prev) describing one credential
   cache.  It holds pointers and list links, so it is an in-memory record.
   NOTE(review): pass is presumably a retained copy of the user's password,
   kept so the ticket can be refreshed (refresh_tgt, refresh_time,
   renew_until) -- confirm.  If so, the secret stays in process memory for
   as long as the entry lives and should be wiped before it is freed. */
392 struct WINBINDD_CCACHE_ENTRY {
393         const char *principal_name;
394         const char *ccname;
395         const char *service;
396         const char *username;
397         const char *sid_string;
398         char *pass;
399         uid_t uid;
400         time_t create_time;
401         time_t renew_until;
402         BOOL refresh_tgt;
403         time_t refresh_time;
404         struct timed_event *event;
405         struct WINBINDD_CCACHE_ENTRY *next, *prev;
406 };
407
408 #endif