/*
 * Winbind (NDR-based) Protocol
 *
 * Declares the message header, status codes and operations of the
 * winbind_protocol interface. Many operations are still declared with an
 * empty, TODO-marked argument list.
 *
 * Reading notes for reviewers:
 * - pointer_default(unique) is set on the interface, so every embedded
 *   pointer without an explicit [ref] may arrive as NULL. That covers all
 *   the "dom_sid *" members still marked "TODO [ref]" below.
 * - Array members sized by a preceding uint32 (num_rids, num_names,
 *   num_sids, num_domains) take their element count from the message.
 * - IDL assigns operation numbers in declaration order, so the order of
 *   the winbind_status declarations is part of the wire contract.
 */

import "security.idl", "lsa.idl";

[
	uuid("b6608c99-0407-401b-96d3-7bcda67232af"),
	version(1.0),
	pointer_default(unique)
]
interface winbind_protocol
{
	typedef enum lsa_SidType lsa_SidType;

	/*
	 * Length limits: 0x0FFFFFFF is one byte short of 256 MiB,
	 * 0x00020000 is 128 KiB.
	 * NOTE(review): presumably these cap winbind_header.length for the
	 * privileged and unprivileged pipe respectively. Nothing in this file
	 * applies them; confirm the receiver checks the length before it
	 * allocates or reads the body.
	 */
	const uint32 WINBIND_MAX_LENGTH_PRIVILEGED	= 0x0FFFFFFF;
	const uint32 WINBIND_MAX_LENGTH_UNPRIVILEGED	= 0x00020000;

	/*
	 * Result code returned by every operation. All non-zero values carry
	 * 0x5742 (ASCII "WB") in the upper 16 bits.
	 */
	typedef [public,v1_enum] enum {
		WINBIND_STATUS_OK			= 0x00000000,
		WINBIND_STATUS_UNKNOWN_ERROR		= 0x57420001,
		WINBIND_STATUS_NOT_IMPLEMENTED		= 0x57420002,
		WINBIND_STATUS_NOT_SUPPORTED		= 0x57420003,
		WINBIND_STATUS_NO_MEMORY		= 0x57420004,
		WINBIND_STATUS_INVALID_PARAMETER	= 0x57420005,
		WINBIND_STATUS_INVALID_LEVEL		= 0x57420006,
		WINBIND_STATUS_UNKNOWN_LEVEL		= 0x57420007,
		WINBIND_STATUS_DOMAIN_OFFLINE		= 0x57420008
	} winbind_status;

	/* Alias of WINBIND_STATUS_UNKNOWN_ERROR; it is not a distinct code. */
	const uint32 WINBIND_STATUS_FOOBAR = WINBIND_STATUS_UNKNOWN_ERROR;

	/* 16-bit header version field; only one version bit is defined. */
	typedef [bitmap16bit] bitmap {
		WINBIND_HEADER_VERSION			= 0x0001
	} winbind_header_version;

	/* 32-bit header flags: message is a response / message reports an error. */
	typedef [bitmap32bit] bitmap {
		WINBIND_HEADER_FLAGS_RESPONSE		= 0x00000001,
		WINBIND_HEADER_FLAGS_ERROR		= 0x00000002
	} winbind_header_flags;

	/* 0x10 = 16 bytes: length(4) + magic(4) + version(2) + opnum(2) + flags(4). */
	const uint32 WINBIND_HEADER_SIZE = 0x10;

	/*
	 * Fixed-size header that precedes each message.
	 * NOTE(review): length, opnum and flags are supplied by the peer.
	 * The value() attributes on magic and version fix what the sender
	 * writes; presumably they do not make the receiver reject other
	 * values. Confirm that the receiving code verifies magic, version and
	 * length itself.
	 */
	[public] struct winbind_header {
		uint32 length;
		[charset(DOS),value("WBPT")] uint8 magic[4];
		[value(WINBIND_HEADER_VERSION)] winbind_header_version version;
		uint16 opnum;
		winbind_header_flags flags;
	};

	/*
	 * Just tell me winbindd is running
	 */
	winbind_status winbind_ping();

	/*
	 * - Get the interface version
	 * - Find the location of the privileged pipe
	 */
	winbind_status winbind_interface_details(/*TODO*/);

	/*
	 * Get users and groups
	 */
	winbind_status winbind_getpwnam(/*TODO*/);
	winbind_status winbind_getpwuid(/*TODO*/);
	winbind_status winbind_getgrnam(/*TODO*/);
	winbind_status winbind_getgrgid(/*TODO*/);
	winbind_status winbind_getgroups(/*TODO*/);

	/*
	 * Enumerate users and groups
	 */
	winbind_status winbind_setpwent(/*TODO*/);
	winbind_status winbind_endpwent(/*TODO*/);
	winbind_status winbind_getpwent(/*TODO*/);
	winbind_status winbind_setgrent(/*TODO*/);
	winbind_status winbind_endgrent(/*TODO*/);
	winbind_status winbind_getgrent(/*TODO*/);

	/*
	 * PAM authenticate and password change
	 *
	 * NOTE(review): the argument lists are not defined yet. Once they
	 * are, these operations will presumably carry credentials or
	 * challenge/response data, so their marshalled form needs the same
	 * care as any secret (logging, debug dumps). Confirm when the
	 * arguments are added.
	 */
	winbind_status winbind_pam_auth(/*TODO*/);
	winbind_status winbind_pam_auth_crap(/*TODO*/);
	winbind_status winbind_pam_chauthtok(/*TODO*/);
	winbind_status winbind_pam_logoff(/*TODO*/);
	winbind_status winbind_pam_chng_paswd_auth_crap(/*TODO*/);

	/*
	 * List various things
	 */
	/* List w/o rid->id mapping */
	winbind_status winbind_list_users(/*TODO*/);
	/* List w/o rid->id mapping */
	winbind_status winbind_list_groups(/*TODO*/);

	/* Selects which arm of winbind_trust_req / winbind_trust_rep is used. */
	typedef [v1_enum] enum {
		WINBIND_TRUST_LEVEL_COMPAT_LIST		= 1,
		WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC	= 2
	} winbind_trust_level;

	/*
	 * Most of what we know from struct winbind_domain
	 *
	 * dns_name carries no pointer attribute and is therefore unique (may
	 * be NULL); sid is explicitly [ref].
	 */
	struct winbind_domain_info_compat {
		[string,charset(UTF8)] uint8 netbios_name[];
		[string,charset(UTF8)] uint8 *dns_name;
		[ref] dom_sid *sid;
		boolean32 is_native_mode;
		boolean32 is_active_directory;
		boolean32 is_primary;
	};

	/* Counted array of domain descriptions; num_domains sizes domains[]. */
	struct winbind_domain_info_compat_array {
		uint32 num_domains;
		struct winbind_domain_info_compat domains[num_domains];
	};

	/* Request side of winbind_trust: no level carries a payload. */
	typedef [switch_type(winbind_trust_level)] union {
		[case(WINBIND_TRUST_LEVEL_COMPAT_LIST)];
		[case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
		[default];
	} winbind_trust_req;

	/* Reply side of winbind_trust: only COMPAT_LIST returns data. */
	typedef [switch_type(winbind_trust_level)] union {
		[case(WINBIND_TRUST_LEVEL_COMPAT_LIST)]
			struct winbind_domain_info_compat_array compat_trusts;
		[case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
		[default];
	} winbind_trust_rep;

	/*
	 * Trusted-domain query, selected by *level.
	 * level is [in] only here, whereas winbind_get_idmap and the later
	 * operations declare it [in,out].
	 */
	winbind_status winbind_trust(
		[in] winbind_trust_level *level,
		[in,switch_is(*level)] winbind_trust_req req,
		[out,switch_is(*level)] winbind_trust_rep *rep
	);

	/*
	 * Lookup functions
	 */
	typedef [v1_enum] enum {
		WINBIND_LOOKUP_LEVEL_SID2NAME		= 1,
		WINBIND_LOOKUP_LEVEL_NAME2SID		= 2,
		WINBIND_LOOKUP_LEVEL_RIDS2NAMES		= 3,
		WINBIND_LOOKUP_LEVEL_SID2USERINFO	= 4,
		WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS	= 5
	} winbind_lookup_level;

	/*
	 * RIDS2NAMES request: a domain SID plus num_rids relative ids.
	 * NOTE(review): domain_sid is not [ref] yet and may be NULL, and
	 * num_rids is taken from the request. Confirm the handler checks for
	 * NULL and bounds the count.
	 */
	struct winbind_lookup_req_rids {
		/*TODO [ref]*/ dom_sid *domain_sid;
		uint32 num_rids;
		uint32 rids[num_rids];
	};

	/*
	 * Lookup request arms. The three sid members are unique pointers
	 * until the "TODO [ref]" is resolved, so a request may carry NULL.
	 * Unlisted levels fall into the empty [default] arm.
	 */
	typedef [switch_type(winbind_lookup_level)] union {
		[case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
			/*TODO [ref]*/ dom_sid *sid;
		[case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
			[string,charset(UTF8)] uint8 name[];
		[case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
			struct winbind_lookup_req_rids rids;
		[case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
			/*TODO [ref]*/ dom_sid *sid;
		[case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
			/*TODO [ref]*/ dom_sid *sid;
		[default];
	} winbind_lookup_req;

	/* Domain name, account name and SID type for one resolved entry. */
	struct winbind_lookup_name_info {
		[string,charset(UTF8)] uint8 domain_name[];
		[string,charset(UTF8)] uint8 account_name[];
		lsa_SidType type;
	};

	/* A SID (unique pointer, may be NULL) with its SID type. */
	struct winbind_lookup_sid_info {
		/*TODO [ref]*/ dom_sid *sid;
		lsa_SidType type;
	};

	/* Counted array of name results; num_names sizes names[]. */
	struct winbind_lookup_name_info_array {
		uint32 num_names;
		struct winbind_lookup_name_info names[num_names];
	};

	/*
	 * User record returned by the SID2USERINFO level.
	 * NOTE(review): primary_gid is a 64-bit hyper; presumably it is
	 * narrowed to the platform gid_t by the consumer. Confirm that the
	 * narrowing is range-checked.
	 */
	struct winbind_lookup_user_info {
		[string,charset(UTF8)] uint8 account[];
		[string,charset(UTF8)] uint8 gecos[];
		[string,charset(UTF8)] uint8 homedir[];
		[string,charset(UTF8)] uint8 shell[];
		hyper primary_gid;
		uint32 primary_rid;
	};

	/* Counted array of SID results; num_sids sizes sids[]. */
	struct winbind_lookup_sid_info_array {
		uint32 num_sids;
		struct winbind_lookup_sid_info sids[num_sids];
	};

	/* Lookup reply arms, one result shape per winbind_lookup_level. */
	typedef [switch_type(winbind_lookup_level)] union {
		[case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
			struct winbind_lookup_name_info name_info;
		[case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
			struct winbind_lookup_sid_info sid_info;
		[case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
			struct winbind_lookup_name_info_array name_array;
		[case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
			struct winbind_lookup_user_info user_info;
		[case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
			struct winbind_lookup_sid_info_array sid_array;
		[default];
	} winbind_lookup_rep;

	/* Name/SID/RID lookup; *level selects the request and reply arms. */
	winbind_status winbind_lookup(
		[in] winbind_lookup_level *level,
		[in,switch_is(*level)] winbind_lookup_req req,
		[out,switch_is(*level)] winbind_lookup_rep *rep
	);

	/*
	 * SID conversion
	 */
	typedef [v1_enum] enum {
		WINBIND_IDMAP_LEVEL_SID_TO_UID		= 1,
		WINBIND_IDMAP_LEVEL_SID_TO_GID		= 2,
		WINBIND_IDMAP_LEVEL_UID_TO_SID		= 3,
		WINBIND_IDMAP_LEVEL_GID_TO_SID		= 4
	} winbind_get_idmap_level;

	/*
	 * Idmap query request. Unlike winbind_lookup_req, this union has no
	 * [default] arm.
	 * NOTE(review): presumably an unlisted level is rejected while the
	 * message is parsed; confirm it cannot reach the handler. The sid
	 * pointers may be NULL until they are made [ref].
	 */
	typedef [switch_type(winbind_get_idmap_level)] union {
		[case(WINBIND_IDMAP_LEVEL_SID_TO_UID)]
			/*TODO [ref]*/ dom_sid *sid;
		[case(WINBIND_IDMAP_LEVEL_SID_TO_GID)]
			/*TODO [ref]*/ dom_sid *sid;
		[case(WINBIND_IDMAP_LEVEL_UID_TO_SID)]
			hyper uid;
		[case(WINBIND_IDMAP_LEVEL_GID_TO_SID)]
			hyper gid;
	} winbind_get_idmap_req;

	/* Idmap query reply; mirrors the request with the directions swapped. */
	typedef [switch_type(winbind_get_idmap_level)] union {
		[case(WINBIND_IDMAP_LEVEL_SID_TO_UID)]
			hyper uid;
		[case(WINBIND_IDMAP_LEVEL_SID_TO_GID)]
			hyper gid;
		[case(WINBIND_IDMAP_LEVEL_UID_TO_SID)]
			/*TODO [ref]*/ dom_sid *sid;
		[case(WINBIND_IDMAP_LEVEL_GID_TO_SID)]
			/*TODO [ref]*/ dom_sid *sid;
	} winbind_get_idmap_rep;

	/* Read-only SID <-> uid/gid conversion, selected by *level. */
	winbind_status winbind_get_idmap(
		[in,out] winbind_get_idmap_level *level,
		[in,switch_is(*level)] winbind_get_idmap_req req,
		[out,switch_is(*level)] winbind_get_idmap_rep *rep
	);

	/* Levels of the idmap update operation. */
	typedef [v1_enum] enum {
		WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID	= 1,
		WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID	= 2,
		WINBIND_SET_IDMAP_LEVEL_SET_MAPPING	= 3,
		WINBIND_SET_IDMAP_LEVEL_SET_HWM		= 4
	} winbind_set_idmap_level;

	/*
	 * Idmap update request; only SET_MAPPING and SET_HWM carry data.
	 * id_map and unixid are not declared in this file; presumably they
	 * come from one of the imports (confirm).
	 */
	typedef [switch_type(winbind_set_idmap_level)] union {
		[case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID)];
		[case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID)];
		[case(WINBIND_SET_IDMAP_LEVEL_SET_MAPPING)]
			id_map mapping;
		[case(WINBIND_SET_IDMAP_LEVEL_SET_HWM)]
			unixid hwm;
	} winbind_set_idmap_req;

	/* Idmap update reply; only the ALLOCATE levels return an id. */
	typedef [switch_type(winbind_set_idmap_level)] union {
		[case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID)]
			hyper uid;
		[case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID)]
			hyper gid;
		[case(WINBIND_SET_IDMAP_LEVEL_SET_MAPPING)];
		[case(WINBIND_SET_IDMAP_LEVEL_SET_HWM)];
	} winbind_set_idmap_rep;

	/*
	 * Allocate ids, set a mapping or set the high-water mark.
	 * NOTE(review): every level changes identity-mapping state, so this
	 * operation presumably has to be refused on the unprivileged pipe.
	 * The interface does not express that; confirm the check exists in
	 * the dispatcher.
	 */
	winbind_status winbind_set_idmap(
		[in,out] winbind_set_idmap_level *level,
		[in,switch_is(*level)] winbind_set_idmap_req req,
		[out,switch_is(*level)] winbind_set_idmap_rep *rep
	);

	/* Various bits of info. Currently just tidbits */
	winbind_status winbind_info_fixname(/*TODO*/);

	/* The domain this winbind server is a member of (lp_workgroup()) */
	winbind_status winbind_domain_name(/*TODO*/);

	/* Selects the arm of winbind_domain_info. */
	typedef [v1_enum] enum {
		WINBIND_DOMAIN_INFO_LEVEL_COMPAT	= 1,
		WINBIND_DOMAIN_INFO_LEVEL_SEQNUM	= 2
	} winbind_domain_info_level;

	/* Domain description or sequence number; this union has no [default] arm. */
	typedef [switch_type(winbind_domain_info_level)] union {
		[case(WINBIND_DOMAIN_INFO_LEVEL_COMPAT)]
			struct winbind_domain_info_compat compat;
		[case(WINBIND_DOMAIN_INFO_LEVEL_SEQNUM)]
			hyper seqnum;
	} winbind_domain_info;

	/*
	 * Query information about domain_name.
	 * dc_name is explicitly [unique], so the caller may pass NULL.
	 */
	winbind_status winbind_get_domain_info(
		[in,string,charset(UTF8)] uint8 domain_name[],
		[in,unique,string,charset(UTF8)] uint8 *dc_name,
		[in,out] winbind_domain_info_level *level,
		[out,switch_is(*level)] winbind_domain_info *domain_info
	);

	/* Issue a GetDCName or DsGetDCName Request */
	typedef [v1_enum] enum {
		WINBIND_DC_INFO_LEVEL_COMPAT_NT4	= 1,
		WINBIND_DC_INFO_LEVEL_COMPAT_DS		= 2
	} winbind_dc_info_level;

	/* Request parameters; only the DS level takes a flags word. */
	typedef [switch_type(winbind_dc_info_level)] union {
		[case(WINBIND_DC_INFO_LEVEL_COMPAT_NT4)];
		[case(WINBIND_DC_INFO_LEVEL_COMPAT_DS)]
			uint32 flags;
	} winbind_dc_info_params;

	/* Reply: the DC name as a unique string pointer (may be NULL) at both levels. */
	typedef [switch_type(winbind_dc_info_level)] union {
		[case(WINBIND_DC_INFO_LEVEL_COMPAT_NT4)]
			[string,charset(UTF8)] uint8 *name;
		[case(WINBIND_DC_INFO_LEVEL_COMPAT_DS)]
			[string,charset(UTF8)] uint8 *name;
	} winbind_dc_info;

	/* Look up a domain controller for domain_name at the requested level. */
	winbind_status winbind_get_dc_info(
		[in,string,charset(UTF8)] uint8 domain_name[],
		[in,out] winbind_dc_info_level *level,
		[in,switch_is(*level)] winbind_dc_info_params params,
		[out,switch_is(*level)] winbind_dc_info *dc_info
	);

	/*
	 * WINS commands
	 */
	winbind_status winbind_wins_byip(/*TODO*/);
	winbind_status winbind_wins_byname(/*TODO*/);

	/* this is like GETGRENT but gives an empty group list */
	winbind_status winbind_getgrlist(/*TODO*/);

	/* The netbios name of the server */
	winbind_status winbind_netbios_name(/*TODO*/);

	/* return a list of group sids for a user sid */
	winbind_status winbind_getusersids(/*TODO*/);

	/* Various group queries */
	winbind_status winbind_getuserdomgroups(/*TODO*/);

	/*
	 * Wrapper around possibly blocking unix nss calls
	 */
	winbind_status winbind_dual_userinfo(/*TODO*/);
	winbind_status winbind_dual_getsidaliases(/*TODO*/);

	/*
	 * Complete the challenge phase of the NTLM authentication
	 * protocol using cached password.
	 *
	 * NOTE(review): this answers a challenge with a stored credential on
	 * behalf of the caller; presumably the handler must tie the request
	 * to the owner of the cached entry. Confirm once the arguments are
	 * defined.
	 */
	winbind_status winbind_ccache_ntlmauth(/*TODO*/);
}