[sfrench/samba-autobuild/.git] / source4 / nsswitch / winbindd_nss.h
1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind daemon for ntdom nss module
5
6    Copyright (C) Tim Potter 2000
7    
8    You are free to use this interface definition in any way you see
9    fit, including without restriction, using this header in your own
10    products. You do not need to give any attribution.  
11 */
12
13
/* Helper macros; each one is defined only when the including file has not
   already supplied its own definition. */
14 #ifndef CONST_DISCARD
/* Casts ptr to `type` by way of void *, which lets a const-qualified
   pointer be converted to a non-const pointer type. */
15 #define CONST_DISCARD(type, ptr)      ((type) ((void *) (ptr)))
16 #endif
17
18 #ifndef CONST_ADD
/* Casts ptr to `type` by way of const void *. */
19 #define CONST_ADD(type, ptr)          ((type) ((const void *) (ptr)))
20 #endif
21
22 #ifndef SAFE_FREE
/* Frees x when it is non-NULL and then stores NULL in it, so a second
   SAFE_FREE on the same variable does nothing. x is expanded three times
   and is not parenthesised: pass a plain pointer lvalue with no side
   effects. */
23 #define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
24 #endif
25
26 #ifndef _WINBINDD_NTDOM_H
27 #define _WINBINDD_NTDOM_H
28
/* Names used to locate the winbindd sockets and the environment variables
   the interface refers to. */
29 #define WINBINDD_SOCKET_NAME "pipe"            /* Name of PF_UNIX socket */
30 #ifndef WINBINDD_SOCKET_DIR
/* Fallback used only when the build does not define WINBINDD_SOCKET_DIR.
   NOTE(review): /tmp is normally writable by every local user, so the
   party that creates this path first controls it. Code that connects here
   should check the owner and mode of the directory and of the socket
   before sending a request (the PAM commands carry passwords), and
   packagers should point WINBINDD_SOCKET_DIR at a root-owned directory.
   Whether the client code performs such a check is not visible in this
   header -- confirm. */
31 #define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"  /* Name of PF_UNIX dir */
32 #endif
33 #define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
34 #define WINBINDD_DOMAIN_ENV  "WINBINDD_DOMAIN" /* Environment variables */
35 #define WINBINDD_DONT_ENV    "_NO_WINBINDD"  /* NOTE(review): the reader of this variable is not in this header; presumably it makes a process skip winbindd -- confirm */
36
/* Fixed 256-byte buffer used for every text field of the request and
   response structures below; as a C string it holds at most 255
   characters plus the terminating NUL. */
37 typedef char winbind_string[256];
/* Copies s into the winbind_string d through safe_strcpy, which is
   declared elsewhere.
   NOTE(review): the expansion ends in ';', so `winbind_strcpy(a, b);`
   produces an extra empty statement and breaks an unbraced if/else.
   NOTE(review): the bound passed is the full buffer size. If safe_strcpy
   takes the maximum string length and writes the NUL after it, this
   should be sizeof(winbind_string)-1 to avoid a one-byte overrun --
   confirm against safe_strcpy's definition. */
38 #define winbind_strcpy(d,s) safe_strcpy((d),(s),sizeof(winbind_string));
39
40 /* Update this when you change the interface.  */
/* In this header the interface is the numbering of enum winbindd_cmd and
   the layout of struct winbindd_request and struct winbindd_response. A
   client and a daemon built from different revisions of this file will
   disagree on both unless this number is changed with them.
   NOTE(review): presumably a client reads this back with the
   WINBINDD_INTERFACE_VERSION command and refuses to continue on a
   mismatch -- confirm in the client code. */
41
42 #define WINBIND_INTERFACE_VERSION 11
43
44 /* Socket commands */
45
/* Command codes stored in winbindd_request.cmd.
   No enumerator is given an explicit value, so each code is simply its
   position in this list: WINBINDD_INTERFACE_VERSION is 0 and
   WINBINDD_NUM_CMDS equals the number of commands. Adding or removing an
   entry anywhere other than directly before WINBINDD_NUM_CMDS renumbers
   every command after it. */
46 enum winbindd_cmd {
47
48         WINBINDD_INTERFACE_VERSION,    /* Always a well known value */
49
50         /* Get users and groups */
51
52         WINBINDD_GETPWNAM,
53         WINBINDD_GETPWUID,
54         WINBINDD_GETGRNAM,
55         WINBINDD_GETGRGID,
56         WINBINDD_GETGROUPS,
57
58         /* Enumerate users and groups */
59
60         WINBINDD_SETPWENT,
61         WINBINDD_ENDPWENT,
62         WINBINDD_GETPWENT,
63         WINBINDD_SETGRENT,
64         WINBINDD_ENDGRENT,
65         WINBINDD_GETGRENT,
66
67         /* PAM authenticate and password change */
            /* The matching request payloads (data.auth, data.auth_crap,
               data.chauthtok in struct winbindd_request) carry passwords or
               challenge responses. */
68
69         WINBINDD_PAM_AUTH,
70         WINBINDD_PAM_AUTH_CRAP,
71         WINBINDD_PAM_CHAUTHTOK,
72
73         /* List various things */
74
75         WINBINDD_LIST_USERS,         /* List w/o rid->id mapping */
76         WINBINDD_LIST_GROUPS,        /* Ditto */
77         WINBINDD_LIST_TRUSTDOM,
78
79         /* SID conversion */
80
81         WINBINDD_LOOKUPSID,
82         WINBINDD_LOOKUPNAME,
83
84         /* Lookup functions */
85
86         WINBINDD_SID_TO_UID,       
87         WINBINDD_SID_TO_GID,
88         WINBINDD_UID_TO_SID,
89         WINBINDD_GID_TO_SID,
90         WINBINDD_ALLOCATE_RID,
91         WINBINDD_ALLOCATE_RID_AND_GID,
92
93         /* Miscellaneous other stuff */
94
95         WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */
96         WINBINDD_PING,              /* Just tell me winbind is running */
97         WINBINDD_INFO,              /* Various bit of info.  Currently just tidbits */
98         WINBINDD_DOMAIN_NAME,       /* The domain this winbind server is a member of (lp_workgroup()) */
99
100         WINBINDD_DOMAIN_INFO,   /* Most of what we know from
101                                    struct winbindd_domain */
102         WINBINDD_GETDCNAME,     /* Issue a GetDCName Request */
103
104         WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
105
106         /* WINS commands */
107
108         WINBINDD_WINS_BYIP,
109         WINBINDD_WINS_BYNAME,
110
111         /* this is like GETGRENT but gives an empty group list */
112         WINBINDD_GETGRLST,
113
114         WINBINDD_NETBIOS_NAME,       /* The netbios name of the server */
115
116         /* find the location of our privileged pipe */
117         WINBINDD_PRIV_PIPE_DIR,
118
119         /* return a list of group sids for a user sid */
120         WINBINDD_GETUSERSIDS,
121
122         /* Return the domain groups a user is in */
123         WINBINDD_GETUSERDOMGROUPS,
124
125         /* Initialize connection in a child */
126         WINBINDD_INIT_CONNECTION,
127
128         /* Blocking calls that are not allowed on the main winbind pipe, only
129          * between parent and children */
            /* NOTE(review): nothing in this header enforces that restriction.
               The daemon's dispatcher for the client-facing pipe has to
               reject the WINBINDD_DUAL_* codes (and WINBINDD_INIT_CONNECTION,
               if it is also child-only) when they arrive from a client --
               confirm where that check lives. */
130         WINBINDD_DUAL_SID2UID,
131         WINBINDD_DUAL_SID2GID,
132         WINBINDD_DUAL_IDMAPSET,
133
134         /* Wrapper around possibly blocking unix nss calls */
135         WINBINDD_DUAL_UID2NAME,
136         WINBINDD_DUAL_NAME2UID,
137         WINBINDD_DUAL_GID2NAME,
138         WINBINDD_DUAL_NAME2GID,
139
140         WINBINDD_DUAL_USERINFO,
141         WINBINDD_DUAL_GETSIDALIASES,
142
            /* Not a command: the number of entries above. A cmd value read
               from a request that is negative or >= WINBINDD_NUM_CMDS is out
               of range and must not be used as a table index. */
143         WINBINDD_NUM_CMDS
144 };
145
/* Fixed-size user record returned in winbindd_response.data.pw for the
   getpwnam/getpwuid commands. Field names follow struct passwd, with each
   string held inline as a winbind_string instead of a pointer. The size
   of uid_t and gid_t is platform-defined, so the layout is only shared
   between a client and daemon built for the same ABI. */
146 typedef struct winbindd_pw {
147         winbind_string pw_name;
148         winbind_string pw_passwd;
149         uid_t pw_uid;
150         gid_t pw_gid;
151         winbind_string pw_gecos;
152         winbind_string pw_dir;
153         winbind_string pw_shell;
154 } WINBINDD_PW;
155
156
/* Fixed-size group record returned in winbindd_response.data.gr for the
   getgrnam/getgrgid commands. The member list is not stored inline; the
   comment on winbindd_response.extra_data names the same commands, so it
   presumably travels there -- confirm. */
157 typedef struct winbindd_gr {
158         winbind_string gr_name;
159         winbind_string gr_passwd;
160         gid_t gr_gid;
161         int num_gr_mem;   /* NOTE(review): signed count supplied by the sender; check it is non-negative and consistent with the data actually received before looping on it */
162         int gr_mem_ofs;   /* offset to group membership */
            /* NOTE(review): if this structure is copied across the socket as
               raw bytes, the pointer below arrives holding an address from the
               sender's process. The receiver must overwrite it before use and
               must never dereference the received value. */
163         char **gr_mem;
164 } WINBINDD_GR;
165
166
/* Single-bit option flags, each a distinct bit from 0x0001 to 0x0800, so
   they can be OR-ed together. NOTE(review): presumably these are the
   values of winbindd_request.flags -- confirm. */
167 #define WBFLAG_PAM_INFO3_NDR            0x0001
168 #define WBFLAG_PAM_INFO3_TEXT           0x0002
169 #define WBFLAG_PAM_USER_SESSION_KEY     0x0004
170 #define WBFLAG_PAM_LMKEY                0x0008
171 #define WBFLAG_PAM_CONTACT_TRUSTDOM     0x0010
172 #define WBFLAG_QUERY_ONLY               0x0020
173 #define WBFLAG_ALLOCATE_RID             0x0040
174 #define WBFLAG_PAM_UNIX_NAME            0x0080
175 #define WBFLAG_PAM_AFS_TOKEN            0x0100
176 #define WBFLAG_PAM_NT_STATUS_SQUASH     0x0200
177
178 /* This is a flag that can only be sent from parent to child */
/* NOTE(review): the flags word is filled in by whoever builds the request,
   so this rule holds only if the daemon clears or rejects
   WBFLAG_IS_PRIVILEGED on every request read from a client socket. That
   enforcement is not in this header -- confirm where it is done. */
179 #define WBFLAG_IS_PRIVILEGED            0x0400
180 /* Flag to say this is a winbindd internal send - don't recurse. */
181 #define WBFLAG_RECURSE                  0x0800
182
183 /* Winbind request structure */
184
/* Request sent to winbindd: a fixed header, a union holding the payload
   for the command named in cmd, and a pointer/length pair for
   variable-length data.
   Every field is filled in by the sender. A receiver should treat the
   lengths, counts and strings below as unvalidated input; in particular a
   winbind_string received from a peer is not guaranteed to contain a NUL. */
185 struct winbindd_request {
            /* NOTE(review): presumably the size of this structure as sent; a
               receiver should compare it with sizeof(struct winbindd_request)
               before trusting the rest -- confirm. */
186         uint32_t length;
187         enum winbindd_cmd cmd;   /* Winbindd command to execute */
188         pid_t pid;               /* pid of calling process; supplied by the caller, so it identifies nothing by itself */
189         uint32_t flags;            /* flags relevant to a given request */
190         winbind_string domain_name;     /* name of domain for which the request applies */
191
192         union {
193                 winbind_string winsreq;     /* WINS request */
194                 winbind_string username;    /* getpwnam */
195                 winbind_string groupname;   /* getgrnam */
196                 uid_t uid;           /* getpwuid, uid_to_sid */
197                 gid_t gid;           /* getgrgid, gid_to_sid */
198                 struct {
199                         /* We deliberately don't split into domain/user to
200                            avoid having the client know what the separator
201                            character is. */     
202                         winbind_string user;
203                         winbind_string pass;   /* password as supplied by the caller; clear the buffer once it has been used */
204                         winbind_string require_membership_of_sid;
205                 } auth;              /* pam_winbind auth module */
206                 struct {
207                         unsigned char chal[8];
208                         uint32_t logon_parameters;
209                         winbind_string user;
210                         winbind_string domain;
211                         winbind_string lm_resp;
212                         uint16_t lm_resp_len;   /* sender-supplied; must be <= sizeof(lm_resp) before lm_resp is read */
213                         winbind_string nt_resp;
214                         uint16_t nt_resp_len;   /* sender-supplied; must be <= sizeof(nt_resp) before nt_resp is read */
215                         winbind_string workstation;
216                         winbind_string require_membership_of_sid;
217                 } auth_crap;
218                 struct {
219                     winbind_string user;
220                     winbind_string oldpass;   /* password; clear after use */
221                     winbind_string newpass;   /* password; clear after use */
222                 } chauthtok;         /* pam_winbind passwd module */
223                 winbind_string sid;         /* lookupsid, sid_to_[ug]id */
224                 struct {
225                         winbind_string dom_name;       /* lookupname */
226                         winbind_string name;       
227                 } name;
228                 uint32_t num_entries;  /* getpwent, getgrent */
229                 struct {
230                         winbind_string username;
231                         winbind_string groupname;
232                 } acct_mgt;
233                 struct {
234                         BOOL is_primary;
235                         winbind_string dcname;
236                 } init_conn;
237                 struct {
238                         winbind_string sid;
239                         winbind_string name;
240                         BOOL alloc;
241                 } dual_sid2id;
242                 struct {
243                         int type;
244                         uid_t uid;
245                         gid_t gid;
246                         winbind_string sid;
247                 } dual_idmapset;
248         } data;
            /* NOTE(review): if the structure is read from the socket as raw
               bytes, extra_data arrives holding an address from the sender's
               process. The receiver must replace it with its own buffer and
               must cap extra_len before allocating or reading that many
               bytes. */
249         char *extra_data;
250         size_t extra_len;
251         char null_term;   /* NOTE(review): last member; presumably set to 0 by the receiver so string reads end inside the structure -- confirm */
252 };
253
254 /* Response values */
255
/* Result code stored in winbindd_response.result. The values are implicit:
   WINBINDD_ERROR is 0, WINBINDD_PENDING is 1 and WINBINDD_OK is 2, so a
   zero-filled response reads as an error rather than as success. */
256 enum winbindd_result {
257         WINBINDD_ERROR,
258         WINBINDD_PENDING,
259         WINBINDD_OK
260 };
261
262 /* Winbind response structure */
263
/* Response returned by winbindd: a header, a union holding the fixed-size
   result for the command that was issued, and a pointer to variable-length
   data. The union does not record which member is valid; the reader has to
   select it from the command it sent. */
264 struct winbindd_response {
265     
266         /* Header information */
267
            /* NOTE(review): a reader should check this against
               sizeof(struct winbindd_response) and bound whatever it
               allocates for the remainder -- confirm how the client
               computes the extra-data size. */
268         uint32_t length;                        /* Length of response */
269         enum winbindd_result result;          /* Result code */
270
271         /* Fixed length return data */
272         
273         union {
274                 int interface_version;  /* Try to ensure this is always in the same spot... */
275                 
276                 winbind_string winsresp;                /* WINS response */
277
278                 /* getpwnam, getpwuid */
279                 
280                 struct winbindd_pw pw;
281
282                 /* getgrnam, getgrgid */
283
284                 struct winbindd_gr gr;
285
286                 uint32_t num_entries; /* getpwent, getgrent */
287                 struct winbindd_sid {
288                         winbind_string sid;        /* lookupname, [ug]id_to_sid */
289                         int type;
290                 } sid;
291                 struct winbindd_name {
292                         winbind_string dom_name;       /* lookupsid */
293                         winbind_string name;       
294                         int type;
295                 } name;
296                 uid_t uid;          /* sid_to_uid */
297                 gid_t gid;          /* sid_to_gid */
298                 struct winbindd_info {
299                         char winbind_separator;
300                         winbind_string samba_version;
301                 } info;
302                 winbind_string domain_name;
303                 winbind_string netbios_name;
304                 winbind_string dc_name;
305
306                 struct auth_reply {
307                         uint32_t nt_status;
308                         winbind_string nt_status_string;
309                         winbind_string error_string;
310                         int pam_error;
311                         char user_session_key[16];   /* key material; clear buffers holding a response once it has been consumed */
312                         char first_8_lm_hash[8];     /* hash material; same handling as the session key */
313                 } auth;
314                 uint32_t rid;   /* create user or group or allocate rid */
315                 struct {
316                         uint32_t rid;
317                         gid_t gid;
318                 } rid_and_gid;
319                 struct {
320                         winbind_string name;
321                         winbind_string alt_name;
322                         winbind_string sid;
323                         BOOL native_mode;
324                         BOOL active_directory;
325                         BOOL primary;
326                         uint32_t sequence_number;
327                 } domain_info;
328                 struct {
329                         winbind_string acct_name;
330                         winbind_string full_name;
331                         winbind_string homedir;
332                         winbind_string shell;
333                         uint32_t group_rid;
334                 } user_info;
335         } data;
336
337         /* Variable length return data */
338
            /* NOTE(review): if the structure is read from the socket as raw
               bytes, this pointer arrives holding an address from the daemon's
               process; the reader must overwrite it with its own buffer and
               never dereference the received value. */
339         void *extra_data;               /* getgrnam, getgrgid, getgrent */
340 };
341
342 #endif