2 Unix SMB/CIFS implementation.
6 Copyright (C) Gerald (Jerry) Carter 2007
8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Lesser General Public
10 License as published by the Free Software Foundation; either
11 version 3 of the License, or (at your option) any later version.
13 This library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Library General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
28 /* Define error types */
31 * @brief Status codes returned from wbc functions
35 WBC_ERR_SUCCESS = 0, /**< Successful completion **/
36 WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
37 WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
38 WBC_ERR_NO_MEMORY, /**< Memory allocation error **/
39 WBC_ERR_INVALID_SID, /**< Invalid SID format **/
40 WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/
41 WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/
42 WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/
43 WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/
44 WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/
45 WBC_ERR_AUTH_ERROR /**< Authentication failed **/
48 typedef enum _wbcErrType wbcErr;
50 #define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
52 const char *wbcErrorString(wbcErr error);
55 * @brief Some useful details about the running winbindd
58 struct wbcInterfaceDetails {
59 uint32_t interface_version;
60 const char *winbind_version;
61 char winbind_separator;
62 const char *netbios_name;
63 const char *netbios_domain;
64 const char *dns_domain;
68 * Data types used by the Winbind Client API
72 #define MAXSUBAUTHS 15 /* max sub authorities in a SID */
76 * @brief Windows Security Identifier
84 uint32_t sub_auths[MAXSUBAUTHS];
88 * @brief Security Identifier type
92 WBC_SID_NAME_USE_NONE=0,
94 WBC_SID_NAME_DOM_GRP=2,
95 WBC_SID_NAME_DOMAIN=3,
97 WBC_SID_NAME_WKN_GRP=5,
98 WBC_SID_NAME_DELETED=6,
99 WBC_SID_NAME_INVALID=7,
100 WBC_SID_NAME_UNKNOWN=8,
101 WBC_SID_NAME_COMPUTER=9
105 * @brief Security Identifier with attributes
108 struct wbcSidWithAttr {
109 struct wbcDomainSid sid;
113 /* wbcSidWithAttr->attributes */
115 #define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001
116 #define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002
117 #define WBC_SID_ATTR_GROUP_ENABLED 0x00000004
118 #define WBC_SID_ATTR_GROUP_OWNER 0x00000008
119 #define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010
120 #define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000
121 #define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000
124 * @brief Domain Information
127 struct wbcDomainInfo {
130 struct wbcDomainSid sid;
131 uint32_t domain_flags;
132 uint32_t trust_flags;
136 /* wbcDomainInfo->domain_flags */
138 #define WBC_DOMINFO_DOMAIN_UNKNOWN 0x00000000
139 #define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001
140 #define WBC_DOMINFO_DOMAIN_AD 0x00000002
141 #define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004
142 #define WBC_DOMINFO_DOMAIN_OFFLINE 0x00000008
144 /* wbcDomainInfo->trust_flags */
146 #define WBC_DOMINFO_TRUST_TRANSITIVE 0x00000001
147 #define WBC_DOMINFO_TRUST_INCOMING 0x00000002
148 #define WBC_DOMINFO_TRUST_OUTGOING 0x00000004
150 /* wbcDomainInfo->trust_type */
152 #define WBC_DOMINFO_TRUSTTYPE_NONE 0x00000000
153 #define WBC_DOMINFO_TRUSTTYPE_FOREST 0x00000001
154 #define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002
155 #define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003
159 * @brief Auth User Parameters
162 struct wbcAuthUserParams {
163 const char *account_name;
164 const char *domain_name;
165 const char *workstation_name;
169 uint32_t parameter_control;
171 enum wbcAuthUserLevel {
172 WBC_AUTH_USER_LEVEL_PLAIN = 1,
173 WBC_AUTH_USER_LEVEL_HASH = 2,
174 WBC_AUTH_USER_LEVEL_RESPONSE = 3
177 const char *plaintext;
183 uint8_t challenge[8];
192 /* wbcAuthUserParams->parameter_control */
194 #define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002
195 #define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004
196 #define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008
197 #define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020
198 #define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200
199 #define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800
201 /* wbcAuthUserParams->flags */
203 #define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001
206 * @brief Auth User Information
208 * Some of the strings are maybe NULL
211 struct wbcAuthUserInfo {
215 char *user_principal;
218 char *dns_domain_name;
221 uint8_t user_session_key[16];
222 uint8_t lm_session_key[8];
224 uint16_t logon_count;
225 uint16_t bad_password_count;
228 uint64_t logoff_time;
229 uint64_t kickoff_time;
230 uint64_t pass_last_set_time;
231 uint64_t pass_can_change_time;
232 uint64_t pass_must_change_time;
237 char *home_directory;
241 * the 1st one is the account sid
242 * the 2nd one is the primary_group sid
243 * followed by the rest of the groups
246 struct wbcSidWithAttr *sids;
249 /* wbcAuthUserInfo->user_flags */
251 #define WBC_AUTH_USER_INFO_GUEST 0x00000001
252 #define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002
253 #define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004
254 #define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008
255 #define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020
256 #define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040
257 #define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080
258 #define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100
259 #define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200
260 #define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400
261 #define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000
263 /* wbcAuthUserInfo->acct_flags */
265 #define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */
266 #define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */
267 #define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */
268 #define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */
269 #define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */
270 #define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */
271 #define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */
272 #define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */
273 #define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */
274 #define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */
275 #define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */
276 #define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encryped text password is allowed */
277 #define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */
278 #define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */
279 #define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */
280 #define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */
281 #define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */
282 #define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */
283 #define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */
285 struct wbcAuthErrorInfo {
289 char *display_string;
296 void wbcFreeMemory(void*);
300 * Utility functions for dealing with SIDs
303 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
306 wbcErr wbcStringToSid(const char *sid_string,
307 struct wbcDomainSid *sid);
309 wbcErr wbcPing(void);
311 wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details);
314 * Name/SID conversion
317 wbcErr wbcLookupName(const char *dom_name,
319 struct wbcDomainSid *sid,
320 enum wbcSidType *name_type);
322 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
325 enum wbcSidType *name_type);
327 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
330 const char **domain_name,
332 enum wbcSidType **types);
334 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
335 bool domain_groups_only,
337 struct wbcDomainSid **sids);
339 wbcErr wbcListUsers(const char *domain_name,
341 const char ***users);
343 wbcErr wbcListGroups(const char *domain_name,
344 uint32_t *num_groups,
345 const char ***groups);
348 * SID/uid/gid Mappings
351 wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
354 wbcErr wbcUidToSid(uid_t uid,
355 struct wbcDomainSid *sid);
357 wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
360 wbcErr wbcGidToSid(gid_t gid,
361 struct wbcDomainSid *sid);
363 wbcErr wbcAllocateUid(uid_t *puid);
365 wbcErr wbcAllocateGid(gid_t *pgid);
367 wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid);
369 wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid);
371 wbcErr wbcSetUidHwm(uid_t uid_hwm);
373 wbcErr wbcSetGidHwm(gid_t gid_hwm);
376 * NSS Lookup User/Group details
379 wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);
381 wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
383 wbcErr wbcGetgrnam(const char *name, struct group **grp);
385 wbcErr wbcGetgrgid(gid_t gid, struct group **grp);
387 wbcErr wbcSetpwent(void);
389 wbcErr wbcEndpwent(void);
391 wbcErr wbcGetpwent(struct passwd **pwd);
393 wbcErr wbcSetgrent(void);
395 wbcErr wbcEndgrent(void);
397 wbcErr wbcGetgrent(struct group **grp);
399 wbcErr wbcGetGroups(const char *account,
400 uint32_t *num_groups,
405 * Lookup Domain information
408 wbcErr wbcDomainInfo(const char *domain,
409 struct wbcDomainInfo **info);
411 wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
412 size_t *num_domains);
416 * Athenticate functions
419 wbcErr wbcAuthenticateUser(const char *username,
420 const char *password);
422 wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
423 struct wbcAuthUserInfo **info,
424 struct wbcAuthErrorInfo **error);
429 wbcErr wbcResolveWinsByName(const char *name, char **ip);
430 wbcErr wbcResolveWinsByIP(const char *ip, char **name);
433 * Trusted domain functions
435 wbcErr wbcCheckTrustCredentials(const char *domain,
436 struct wbcAuthErrorInfo **error);
438 #endif /* _WBCLIENT_H */