Add wbcListTrusts() API call to libwbclient.so
/*
   Unix SMB/CIFS implementation.

   Winbind client API

   Copyright (C) Gerald (Jerry) Carter 2007

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Lesser General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
21
/* Include guard.  NOTE(review): an identifier starting with an underscore
 * followed by an uppercase letter is reserved for the implementation in C;
 * the macro name is left unchanged here because it is part of the public
 * header's identity. */
#ifndef _WBCLIENT_H
#define _WBCLIENT_H
24
#include <stdbool.h>
#include <stdint.h>
#include <pwd.h>
#include <grp.h>
27
/* Define error types */

/**
 *  @brief Status codes returned from wbc functions
 *
 *  WBC_ERR_SUCCESS is the only success value and is defined as 0, which
 *  is what WBC_ERROR_IS_OK() tests.  Callers should treat every other
 *  value as a failure instead of checking only for specific codes.
 **/

enum _wbcErrType {
        WBC_ERR_SUCCESS = 0,    /**< Successful completion **/
        WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
        WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
        WBC_ERR_NO_MEMORY,      /**< Memory allocation error **/
        WBC_ERR_INVALID_SID,    /**< Invalid SID format **/
        WBC_ERR_INVALID_PARAM,  /**< An invalid parameter was supplied **/
        WBC_ERR_WINBIND_NOT_AVAILABLE,   /**< Winbind daemon is not available **/
        WBC_ERR_DOMAIN_NOT_FOUND,        /**< Domain is not trusted or cannot be found **/
        WBC_ERR_INVALID_RESPONSE,        /**< Winbind returned an invalid response **/
        WBC_ERR_NSS_ERROR,            /**< NSS_STATUS error **/
        WBC_ERR_AUTH_ERROR        /**< Authentication failed **/
};
47
/** Status type returned by every wbc function declared in this header. **/
typedef enum _wbcErrType wbcErr;

/** True when @a x reports success; @a x is evaluated exactly once. **/
#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)

/**
 * @brief Map a wbcErr to a printable description.
 *
 * @param error  Status code to describe.
 * @return A const string.  Its storage is not visible from this header —
 *         presumably static, so the caller must not free it; confirm in
 *         wbclient.c.
 **/
const char *wbcErrorString(wbcErr error);
53
/**
 *  @brief Some useful details about the running winbindd
 *
 *  Filled in by wbcInterfaceDetails().  The string members are const;
 *  who owns their storage is not stated in this header — presumably the
 *  library, with the whole struct released through wbcFreeMemory().
 *  Confirm against wbclient.c before freeing anything.
 **/
struct wbcInterfaceDetails {
        uint32_t interface_version;     /**< Version number of the winbindd interface **/
        const char *winbind_version;    /**< Version string of the daemon **/
        char winbind_separator;         /**< Separator character (by name, between domain and user) **/
        const char *netbios_name;       /**< NetBIOS name of this host **/
        const char *netbios_domain;     /**< NetBIOS name of the domain **/
        const char *dns_domain;         /**< DNS name of the domain **/
};
66
/*
 * Data types used by the Winbind Client API
 */

/* Upper bound on the sub-authorities stored in a wbcDomainSid.  Guarded so
 * that a definition already visible from the including project wins. */
#ifndef MAXSUBAUTHS
#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
#endif
74
/**
 *  @brief Windows Security Identifier
 *
 *  Binary form of a SID.  sub_auths is a fixed-size array, so code that
 *  consumes a SID received from outside (e.g. one produced by
 *  wbcStringToSid() from user input) should check
 *  num_auths <= MAXSUBAUTHS before indexing sub_auths.
 **/

struct wbcDomainSid {
        uint8_t   sid_rev_num;          /**< SID revision number **/
        uint8_t   num_auths;            /**< Number of sub_auths entries in use **/
        uint8_t   id_auth[6];           /**< Identifier authority **/
        uint32_t  sub_auths[MAXSUBAUTHS]; /**< Sub-authorities **/
};
86
/**
 * @brief Security Identifier type
 *
 * Kind of object a SID names, as reported by wbcLookupName(),
 * wbcLookupSid() and wbcLookupRids().  The explicit numeric values
 * appear to mirror the Windows SID_NAME_USE enumeration and must not
 * be renumbered.
 **/

enum wbcSidType {
        WBC_SID_NAME_USE_NONE=0,
        WBC_SID_NAME_USER=1,
        WBC_SID_NAME_DOM_GRP=2,
        WBC_SID_NAME_DOMAIN=3,
        WBC_SID_NAME_ALIAS=4,
        WBC_SID_NAME_WKN_GRP=5,
        WBC_SID_NAME_DELETED=6,
        WBC_SID_NAME_INVALID=7,
        WBC_SID_NAME_UNKNOWN=8,
        WBC_SID_NAME_COMPUTER=9
};
103
/**
 * @brief Security Identifier with attributes
 *
 * A SID together with a bitmask of WBC_SID_ATTR_GROUP_* flags.  Used
 * for the sids array of struct wbcAuthUserInfo.
 **/

struct wbcSidWithAttr {
        struct wbcDomainSid sid;        /**< The SID itself **/
        uint32_t attributes;            /**< OR of WBC_SID_ATTR_GROUP_* flags **/
};
112
/* wbcSidWithAttr->attributes: bit flags, combined with OR.  Note that
 * WBC_SID_ATTR_GROUP_LOGON_ID occupies two bits. */

#define WBC_SID_ATTR_GROUP_MANDATORY            0x00000001
#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT   0x00000002
#define WBC_SID_ATTR_GROUP_ENABLED              0x00000004
#define WBC_SID_ATTR_GROUP_OWNER                0x00000008
#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY     0x00000010
#define WBC_SID_ATTR_GROUP_RESOURCE             0x20000000
#define WBC_SID_ATTR_GROUP_LOGON_ID             0xC0000000
122
/**
 * @brief Domain Information
 *
 * Returned by wbcDomainInfo() and, as an array, by wbcListTrusts().
 * short_name and dns_name are non-const, so they are presumably
 * allocated by the library; confirm the release procedure
 * (wbcFreeMemory()) in wbclient.c.  The three uint32_t fields are
 * interpreted with the WBC_DOMINFO_* constants that follow.
 **/

struct wbcDomainInfo {
        char *short_name;               /**< Short domain name **/
        char *dns_name;                 /**< DNS domain name **/
        struct wbcDomainSid sid;        /**< SID of the domain **/
        uint32_t domain_flags;          /**< OR of WBC_DOMINFO_* flags **/
        uint32_t trust_flags;           /**< OR of WBC_DOMINFO_TRUST_* flags **/
        uint32_t trust_type;            /**< One WBC_DOMINFO_TRUSTTYPE_* value **/
};
135
/* wbcDomainInfo->domain_flags: bit flags (WBC_DOMINFO_UNKNOWN is the
 * all-clear value, not a bit). */

#define WBC_DOMINFO_UNKNOWN           0x00000000
#define WBC_DOMINFO_NATIVE            0x00000001
#define WBC_DOMINFO_AD                0x00000002
#define WBC_DOMINFO_PRIMARY           0x00000004
142
/* wbcDomainInfo->trust_flags: bit flags describing the trust direction
 * and transitivity. */

#define WBC_DOMINFO_TRUST_TRANSITIVE  0x00000001
#define WBC_DOMINFO_TRUST_INCOMING    0x00000002
#define WBC_DOMINFO_TRUST_OUTGOING    0x00000004
148
/* wbcDomainInfo->trust_type: an enumeration (values 0..3), not a bitmask —
 * compare with ==, do not AND. */

#define WBC_DOMINFO_TRUSTTYPE_NONE       0x00000000
#define WBC_DOMINFO_TRUSTTYPE_FOREST     0x00000001
#define WBC_DOMINFO_TRUSTTYPE_IN_FOREST  0x00000002
#define WBC_DOMINFO_TRUSTTYPE_EXTERNAL   0x00000003
155
156
/**
 * @brief Auth User Parameters
 *
 * Input to wbcAuthenticateUserEx().  The password union carries the
 * credential; going by the names, level selects which member is
 * populated (WBC_AUTH_USER_LEVEL_PLAIN -> plaintext, _HASH -> hash,
 * _RESPONSE -> response).  A clear-text password and NT/LM hashes are
 * password-equivalent secrets, so callers should wipe this struct and
 * the buffers nt_data/lm_data point at once the call returns, using a
 * clearing routine the compiler cannot elide (explicit_bzero() or
 * similar) rather than plain memset().
 **/

struct wbcAuthUserParams {
        const char *account_name;       /**< Name of the account to authenticate **/
        const char *domain_name;        /**< Domain of the account **/
        const char *workstation_name;   /**< Name of the calling workstation **/

        uint32_t flags;                 /**< OR of WBC_AUTH_PARAM_FLAGS_* **/

        uint32_t parameter_control;     /**< OR of WBC_MSV1_0_* flags **/

        /* Selects the active member of the password union below. */
        enum wbcAuthUserLevel {
                WBC_AUTH_USER_LEVEL_PLAIN = 1,
                WBC_AUTH_USER_LEVEL_HASH = 2,
                WBC_AUTH_USER_LEVEL_RESPONSE = 3
        } level;
        union {
                const char *plaintext;          /**< Clear-text password **/
                struct {
                        uint8_t nt_hash[16];    /**< NT password hash **/
                        uint8_t lm_hash[16];    /**< LM password hash **/
                } hash;
                struct {
                        uint8_t challenge[8];   /**< Server challenge **/
                        uint32_t nt_length;     /**< Size of nt_data (presumably bytes) **/
                        uint8_t *nt_data;       /**< NT response **/
                        uint32_t lm_length;     /**< Size of lm_data (presumably bytes) **/
                        uint8_t *lm_data;       /**< LM response **/
                } response;
        } password;
};
190
/* wbcAuthUserParams->parameter_control: bit flags (the gaps in the bit
 * positions are deliberate and match the MSV1_0 values they are named
 * after). */

#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED           0x00000002
#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS              0x00000004
#define WBC_MSV1_0_RETURN_USER_PARAMETERS               0x00000008
#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT           0x00000020
#define WBC_MSV1_0_RETURN_PROFILE_PATH                  0x00000200
#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT      0x00000800
199
/* wbcAuthUserParams->flags: bit flags. */

#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON          0x00000001
203
/**
 * @brief Auth User Information
 *
 * Output of wbcAuthenticateUserEx().  Some of the strings may be NULL;
 * check before dereferencing.  user_session_key and lm_session_key are
 * secret key material and should be wiped (explicit_bzero() or similar)
 * once no longer needed.  The struct, its strings and the sids array
 * are presumably released with wbcFreeMemory() — confirm in wbclient.c.
 **/

struct wbcAuthUserInfo {
        uint32_t user_flags;            /**< OR of WBC_AUTH_USER_INFO_* flags **/

        char *account_name;             /**< Account name **/
        char *user_principal;           /**< User principal name **/
        char *full_name;                /**< Full (display) name **/
        char *domain_name;              /**< Short domain name **/
        char *dns_domain_name;          /**< DNS domain name **/

        uint32_t acct_flags;            /**< OR of WBC_ACB_* account control flags **/
        uint8_t user_session_key[16];   /**< Session key — secret **/
        uint8_t lm_session_key[8];      /**< LM session key — secret **/

        uint16_t logon_count;           /**< Successful logon counter **/
        uint16_t bad_password_count;    /**< Failed password attempt counter **/

        /* Timestamps.  Their encoding is not stated here — presumably NT
         * time (100ns units since 1601) given the uint64_t width; confirm
         * in wbclient.c before converting. */
        uint64_t logon_time;
        uint64_t logoff_time;
        uint64_t kickoff_time;
        uint64_t pass_last_set_time;
        uint64_t pass_can_change_time;
        uint64_t pass_must_change_time;

        char *logon_server;             /**< Server that processed the logon **/
        char *logon_script;             /**< Logon script path **/
        char *profile_path;             /**< Profile path **/
        char *home_directory;           /**< Home directory **/
        char *home_drive;               /**< Home drive letter **/

        /*
         * the 1st one is the account sid
         * the 2nd one is the primary_group sid
         * followed by the rest of the groups
         */
        uint32_t num_sids;              /**< Number of entries in sids **/
        struct wbcSidWithAttr *sids;    /**< SIDs with attributes, see above **/
};
247
/* wbcAuthUserInfo->user_flags: bit flags. */

#define WBC_AUTH_USER_INFO_GUEST                        0x00000001
#define WBC_AUTH_USER_INFO_NOENCRYPTION                 0x00000002
#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT               0x00000004
#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD             0x00000008
#define WBC_AUTH_USER_INFO_EXTRA_SIDS                   0x00000020
#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY          0x00000040
#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT         0x00000080
#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED               0x00000100
#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS              0x00000200
#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED        0x00000400
#define WBC_AUTH_USER_INFO_GRACE_LOGON                  0x01000000
261
/* wbcAuthUserInfo->acct_flags: account control bit flags.  The "1" in
 * each comment marks the meaning when the bit is set. */

#define WBC_ACB_DISABLED                        0x00000001 /* 1 User account disabled */
#define WBC_ACB_HOMDIRREQ                       0x00000002 /* 1 Home directory required */
#define WBC_ACB_PWNOTREQ                        0x00000004 /* 1 User password not required */
#define WBC_ACB_TEMPDUP                         0x00000008 /* 1 Temporary duplicate account */
#define WBC_ACB_NORMAL                          0x00000010 /* 1 Normal user account */
#define WBC_ACB_MNS                             0x00000020 /* 1 MNS logon user account */
#define WBC_ACB_DOMTRUST                        0x00000040 /* 1 Interdomain trust account */
#define WBC_ACB_WSTRUST                         0x00000080 /* 1 Workstation trust account */
#define WBC_ACB_SVRTRUST                        0x00000100 /* 1 Server trust account */
#define WBC_ACB_PWNOEXP                         0x00000200 /* 1 User password does not expire */
#define WBC_ACB_AUTOLOCK                        0x00000400 /* 1 Account auto locked */
#define WBC_ACB_ENC_TXT_PWD_ALLOWED             0x00000800 /* 1 Encrypted text password is allowed */
#define WBC_ACB_SMARTCARD_REQUIRED              0x00001000 /* 1 Smart Card required */
#define WBC_ACB_TRUSTED_FOR_DELEGATION          0x00002000 /* 1 Trusted for Delegation */
#define WBC_ACB_NOT_DELEGATED                   0x00004000 /* 1 Not delegated */
#define WBC_ACB_USE_DES_KEY_ONLY                0x00008000 /* 1 Use DES key only */
#define WBC_ACB_DONT_REQUIRE_PREAUTH            0x00010000 /* 1 Preauth not required */
#define WBC_ACB_PW_EXPIRED                      0x00020000 /* 1 Password Expired */
#define WBC_ACB_NO_AUTH_DATA_REQD               0x00080000 /* 1 No authorization data required */
283
/**
 * @brief Authentication failure details
 *
 * Output parameter of wbcAuthenticateUserEx() and
 * wbcCheckTrustCredentials().  Going by the names: nt_status is the raw
 * NT status code, nt_string its textual form, pam_error the equivalent
 * PAM error code and display_string a message intended for the user.
 * The strings are non-const and presumably library-allocated — confirm
 * the release procedure (wbcFreeMemory()) in wbclient.c.
 **/
struct wbcAuthErrorInfo {
        uint32_t nt_status;             /**< NT status code **/
        char *nt_string;                /**< Textual form of nt_status **/
        int32_t pam_error;              /**< PAM error code **/
        char *display_string;           /**< Message for display to the user **/
};
290
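/*
 * Memory Management
 */

/**
 * @brief Release memory handed out by this library.
 *
 * @param ptr  Pointer obtained through an output parameter of a wbc
 *             function.  Which of the out-parameters below are released
 *             this way, and whether NULL is accepted, is not stated in
 *             this header — confirm in wbclient.c.
 **/
void wbcFreeMemory(void *ptr);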
296
297
/*
 * Utility functions for dealing with SIDs
 */

/**
 * @brief Render a SID in its textual "S-1-..." form.
 *
 * @param sid         SID to convert.
 * @param sid_string  Receives the string; presumably library-allocated
 *                    and released with wbcFreeMemory() — confirm.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcSidToString(const struct wbcDomainSid *sid,
                      char **sid_string);

/**
 * @brief Parse a textual SID into its binary form.
 *
 * The input is often user- or network-supplied, so the return value
 * must be checked (the error enum provides WBC_ERR_INVALID_SID for a
 * malformed string) and *sid treated as unspecified on failure.
 *
 * @param sid_string  String to parse.
 * @param sid         Receives the parsed SID.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcStringToSid(const char *sid_string,
                      struct wbcDomainSid *sid);

/**
 * @brief Check that winbindd is reachable.
 *
 * @return WBC_ERR_SUCCESS when the daemon answers, otherwise a wbcErr
 *         (WBC_ERR_WINBIND_NOT_AVAILABLE is the natural code).
 **/
wbcErr wbcPing(void);

/**
 * @brief Retrieve details about the running winbindd.
 *
 * @param details  Receives a pointer to a struct wbcInterfaceDetails
 *                 (see that struct for the ownership caveat).
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details);
311
/*
 * Name/SID conversion
 */

/**
 * @brief Resolve a (domain, name) pair to a SID.
 *
 * @param dom_name   Domain part of the name.
 * @param name       Account or group name within dom_name.
 * @param sid        Receives the resolved SID.
 * @param name_type  Receives the kind of object the SID names.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcLookupName(const char *dom_name,
                     const char *name,
                     struct wbcDomainSid *sid,
                     enum wbcSidType *name_type);

/**
 * @brief Resolve a SID to its domain and name.
 *
 * @param sid        SID to look up.
 * @param domain     Receives the domain name; presumably library-allocated
 *                   — confirm the release procedure in wbclient.c.
 * @param name       Receives the object name (same ownership caveat).
 * @param name_type  Receives the kind of object the SID names.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
                    char **domain,
                    char **name,
                    enum wbcSidType *name_type);

/**
 * @brief Resolve several RIDs of one domain in a single call.
 *
 * NOTE(review): num_rids is a signed int while every other count in this
 * header is uint32_t, and dom_sid is not const-qualified unlike the other
 * SID inputs.  A negative count must be rejected by the implementation —
 * confirm in wbclient.c.
 *
 * @param dom_sid      Domain whose RIDs are resolved.
 * @param num_rids     Number of entries in rids.
 * @param rids         RIDs to resolve.
 * @param domain_name  Receives the domain name.
 * @param names        Receives an array of names (presumably num_rids entries).
 * @param types        Receives an array of object types (same count).
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
                     int num_rids,
                     uint32_t *rids,
                     const char **domain_name,
                     const char ***names,
                     enum wbcSidType **types);

/**
 * @brief Enumerate the SIDs a user belongs to.
 *
 * @param user_sid            SID of the user.
 * @param domain_groups_only  When true, restrict the result to domain groups
 *                            (by name; the exact filter is defined in wbclient.c).
 * @param num_sids            Receives the number of entries in sids.
 * @param sids                Receives the array of SIDs.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
                         bool domain_groups_only,
                         uint32_t *num_sids,
                         struct wbcDomainSid **sids);

/**
 * @brief List the user names of a domain.
 *
 * @param domain_name  Domain to enumerate.
 * @param num_users    Receives the number of entries in users.
 * @param users        Receives the array of names.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcListUsers(const char *domain_name,
                    uint32_t *num_users,
                    const char ***users);

/**
 * @brief List the group names of a domain.
 *
 * @param domain_name  Domain to enumerate.
 * @param num_groups   Receives the number of entries in groups.
 * @param groups       Receives the array of names.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcListGroups(const char *domain_name,
                     uint32_t *num_groups,
                     const char ***groups);
345
/*
 * SID/uid/gid Mappings
 */

/**
 * @brief Map a SID to a Unix uid.
 *
 * @param sid   SID to map.
 * @param puid  Receives the uid.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
                   uid_t *puid);

/**
 * @brief Map a Unix uid to a SID.
 *
 * @param uid  uid to map.
 * @param sid  Receives the SID.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcUidToSid(uid_t uid,
                   struct wbcDomainSid *sid);

/**
 * @brief Map a SID to a Unix gid.
 *
 * @param sid   SID to map.
 * @param pgid  Receives the gid.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
                   gid_t *pgid);

/**
 * @brief Map a Unix gid to a SID.
 *
 * @param gid  gid to map.
 * @param sid  Receives the SID.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcGidToSid(gid_t gid,
                   struct wbcDomainSid *sid);

/*
 * The remaining calls in this section change winbindd's mapping state
 * rather than query it (allocate a new id, pin a mapping, move the
 * high-water mark).  They are presumably restricted to privileged
 * clients — confirm in winbindd before exposing them to untrusted code.
 */

/** @brief Allocate a fresh uid.  @param puid Receives it.  @return wbcErr **/
wbcErr wbcAllocateUid(uid_t *puid);

/** @brief Allocate a fresh gid.  @param pgid Receives it.  @return wbcErr **/
wbcErr wbcAllocateGid(gid_t *pgid);

/** @brief Record that @a uid maps to @a sid.  @return wbcErr **/
wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid);

/** @brief Record that @a gid maps to @a sid.  @return wbcErr **/
wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid);

/** @brief Set the uid high-water mark (by name).  @return wbcErr **/
wbcErr wbcSetUidHwm(uid_t uid_hwm);

/** @brief Set the gid high-water mark (by name).  @return wbcErr **/
wbcErr wbcSetGidHwm(gid_t gid_hwm);
373
/*
 * NSS Lookup User/Group details
 */

/**
 * @brief Look up a user by name.
 *
 * @param name  User name.
 * @param pwd   Receives a struct passwd; presumably library-allocated and
 *              released with wbcFreeMemory() — confirm in wbclient.c.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);

/**
 * @brief Look up a user by uid.
 *
 * @param uid  uid to look up.
 * @param pwd  Receives a struct passwd (ownership as for wbcGetpwnam()).
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);

/**
 * @brief Look up a group by name.
 *
 * @param name  Group name.
 * @param grp   Receives a struct group (ownership as for wbcGetpwnam()).
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcGetgrnam(const char *name, struct group **grp);

/**
 * @brief Look up a group by gid.
 *
 * @param gid  gid to look up.
 * @param grp  Receives a struct group (ownership as for wbcGetpwnam()).
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcGetgrgid(gid_t gid, struct group **grp);

/*
 * Enumeration of the user database, named after the libc
 * setpwent()/getpwent()/endpwent() triplet: wbcSetpwent() opens,
 * wbcGetpwent() fetches, wbcEndpwent() closes.  Whether the cursor is
 * per-process or per-connection is not stated here.
 */

wbcErr wbcSetpwent(void);

wbcErr wbcEndpwent(void);

/** @brief Fetch the next user.  @param pwd Receives it.  @return wbcErr **/
wbcErr wbcGetpwent(struct passwd **pwd);

/* Enumeration of the group database; same pattern as the user calls. */

wbcErr wbcSetgrent(void);

wbcErr wbcEndgrent(void);

/** @brief Fetch the next group.  @param grp Receives it.  @return wbcErr **/
wbcErr wbcGetgrent(struct group **grp);

/**
 * @brief List the gids an account belongs to.
 *
 * @param account     Account name.
 * @param num_groups  Receives the number of entries in _groups.
 * @param _groups     Receives the array of gids.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcGetGroups(const char *account,
                    uint32_t *num_groups,
                    gid_t **_groups);
401
402
/*
 * Lookup Domain information
 */

/**
 * @brief Look up information about a single domain.
 *
 * @param domain  Domain name to query.
 * @param info    Receives a struct wbcDomainInfo; presumably library-
 *                allocated and released with wbcFreeMemory() — confirm.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code
 *         (WBC_ERR_DOMAIN_NOT_FOUND is the natural code for an unknown domain).
 **/
wbcErr wbcDomainInfo(const char *domain,
                     struct wbcDomainInfo **info);

/**
 * @brief List the domains winbindd knows through trusts.
 *
 * NOTE(review): num_domains is a size_t whereas every other count output
 * in this API (num_sids, num_users, num_groups) is uint32_t; callers that
 * combine the two should mind the width difference.
 *
 * @param domains      Receives an array of struct wbcDomainInfo with
 *                     *num_domains entries (ownership as for wbcDomainInfo()).
 * @param num_domains  Receives the number of entries.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
                     size_t *num_domains);
412
413
/*
 * Authenticate functions
 */

/**
 * @brief Authenticate a user with a clear-text password.
 *
 * Only the status code comes back; use wbcAuthenticateUserEx() when the
 * logon details or the failure reason are needed.  The password is a
 * secret; the caller stays responsible for wiping its own copy after
 * the call.
 *
 * @param username  User name (whether a domain prefix is accepted is not
 *                  specified in this header).
 * @param password  Clear-text password.
 * @return WBC_ERR_SUCCESS on success; WBC_ERR_AUTH_ERROR or another wbcErr
 *         otherwise.
 **/
wbcErr wbcAuthenticateUser(const char *username,
                           const char *password);

/**
 * @brief Authenticate a user with full control over the credential form.
 *
 * @param params  Credential and logon parameters (see struct wbcAuthUserParams
 *                for the wiping advice).
 * @param info    Receives the logon information (presumably on success only).
 * @param error   Receives failure details (presumably on failure only).
 * @return WBC_ERR_SUCCESS on success; WBC_ERR_AUTH_ERROR or another wbcErr
 *         otherwise.
 **/
wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
                             struct wbcAuthUserInfo **info,
                             struct wbcAuthErrorInfo **error);
424
/*
 * Resolve functions
 *
 * WINS answers are unauthenticated; treat the resolved values as
 * untrusted input.
 */

/**
 * @brief Resolve a NetBIOS name to an IP address via WINS.
 *
 * @param name  NetBIOS name to resolve.
 * @param ip    Receives the address as a string; ownership is not stated
 *              in this header — confirm in wbclient.c before freeing.
 * @return WBC_ERR_SUCCESS or a wbcErr failure code.
 **/
wbcErr wbcResolveWinsByName(const char *name, const char **ip);
/** @brief Reverse of wbcResolveWinsByName(): IP address string to NetBIOS name (same ownership caveat). **/
wbcErr wbcResolveWinsByIP(const char *ip, const char **name);
430
/*
 * Trusted domain functions
 */

/**
 * @brief Verify the trust credentials for a domain.
 *
 * By name this checks the trust (machine) account credentials held for
 * @a domain — confirm the exact check in wbclient.c.
 *
 * @param domain  Domain whose trust is checked.
 * @param error   Receives failure details when the check fails.
 * @return WBC_ERR_SUCCESS when the credentials are valid, otherwise a wbcErr.
 **/
wbcErr wbcCheckTrustCredentials(const char *domain,
                                struct wbcAuthErrorInfo **error);
436
#endif      /* _WBCLIENT_H */