* Winbind (NDR-based) Protocol
*/
-import "security.idl", "lsa.idl";
+import "security.idl", "lsa.idl", "samr.idl", "netlogon.idl";
[ uuid("b6608c99-0407-401b-96d3-7bcda67232af"),
version(1.0),
] interface winbind_protocol
{
typedef enum lsa_SidType lsa_SidType;
+ typedef struct netr_SamInfo3 netr_SamInfo3;
+ typedef struct samr_DomInfo1 samr_DomInfo1;
+ typedef [bitmap32bit] bitmap netr_LogonParameterControl netr_LogonParameterControl;
const uint32 WINBIND_MAX_LENGTH_PRIVILEGED = 0x0FFFFFFF;
const uint32 WINBIND_MAX_LENGTH_UNPRIVILEGED = 0x00020000;
/*
* PAM authenticate and password change
*/
- winbind_status winbind_pam_auth(/*TODO*/);
- winbind_status winbind_pam_auth_crap(/*TODO*/);
- winbind_status winbind_pam_chauthtok(/*TODO*/);
- winbind_status winbind_pam_logoff(/*TODO*/);
- winbind_status winbind_pam_chng_paswd_auth_crap(/*TODO*/);
+
+ typedef [v1_enum] enum {
+ WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN = 1,
+ WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE = 2,
+ WINBIND_AUTH_LEVEL_COMPAT_LOGOFF = 3,
+ WINBIND_AUTH_LEVEL_CHANGE_PASSWORD_PLAIN= 4,
+ WINBIND_AUTH_LEVEL_CHANGE_PASSWORD_CRYPT= 5
+ } winbind_auth_level;
+
+ struct winbind_auth_compat_auth_plain_req {
+ uint32 flags;
+ [string,charset(UTF8)] uint8 account_name[];
+ [string,charset(UTF8)] uint8 *domain_name;
+ [string,charset(UTF8)] uint8 password[];
+ uint32 num_require_membership_of_sids;
+ [size_is(num_require_membership_of_sids)]
+ dom_sid *require_membership_of_sids;
+ [string,charset(UTF8)] uint8 *krb5_cc_type;
+ hyper *uid;
+ };
+
+ struct winbind_auth_compat_auth_rep {
+ [string,charset(UTF8)] uint8 *unix_username;
+ [string,charset(UTF8)] uint8 *krb5_cc_name;
+ netr_SamInfo3 *info3;
+ samr_DomInfo1 *password_policy;
+ DATA_BLOB *afs_token;
+ };
+
+ struct winbind_auth_compat_auth_response_req {
+ uint32 flags;
+ [string,charset(UTF8)] uint8 account_name[];
+ [string,charset(UTF8)] uint8 *domain_name;
+ [string,charset(UTF8)] uint8 *workstation_name;
+ uint32 num_require_membership_of_sids;
+ [size_is(num_require_membership_of_sids)]
+ dom_sid *require_membership_of_sids;
+ netr_LogonParameterControl logon_parameters;
+ uint8 challenge[8];
+ DATA_BLOB lm_response;
+ DATA_BLOB nt_response;
+ };
+
+ struct winbind_auth_compat_logoff_req {
+ uint32 flags;
+ [string,charset(UTF8)] uint8 account_name[];
+ [string,charset(UTF8)] uint8 *domain_name;
+ [string,charset(UTF8)] uint8 *krb5_cc_name;
+ hyper *uid;
+ };
+
+ struct winbind_auth_change_password_plain_req {
+ [string,charset(UTF8)] uint8 account_name[];
+ [string,charset(UTF8)] uint8 *domain_name;
+ [string,charset(UTF8)] uint8 old_password[];
+ [string,charset(UTF8)] uint8 new_password[];
+ };
+
+ struct winbind_auth_change_password_crypt_req {
+ [string,charset(UTF8)] uint8 account_name[];
+ [string,charset(UTF8)] uint8 *domain_name;
+ samr_CryptPassword nt_password;
+ samr_Password nt_verifier;
+ samr_CryptPassword *lm_password;
+ samr_Password *lm_verifier;
+ };
+
+ typedef [switch_type(winbind_auth_level)] union {
+ [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN)]
+ struct winbind_auth_compat_auth_plain_req compat_auth_plain;
+ [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE)]
+ struct winbind_auth_compat_auth_response_req compat_auth_response;
+ [case(WINBIND_AUTH_LEVEL_COMPAT_LOGOFF)]
+ struct winbind_auth_compat_logoff_req compat_logoff;
+ [case(WINBIND_AUTH_LEVEL_CHANGE_PASSWORD_PLAIN)]
+ struct winbind_auth_change_password_plain_req change_password_plain;
+ [case(WINBIND_AUTH_LEVEL_CHANGE_PASSWORD_CRYPT)]
+ struct winbind_auth_change_password_crypt_req change_password_crypt;
+ [default];
+ } winbind_auth_req;
+
+ typedef [switch_type(winbind_auth_level)] union {
+ [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN)]
+ struct winbind_auth_compat_auth_rep compat_auth;
+ [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE)]
+ struct winbind_auth_compat_auth_rep compat_auth;
+ [case(WINBIND_AUTH_LEVEL_COMPAT_LOGOFF)];
+ [case(WINBIND_AUTH_LEVEL_CHANGE_PASSWORD_PLAIN)];
+ [case(WINBIND_AUTH_LEVEL_CHANGE_PASSWORD_CRYPT)];
+ [default];
+ } winbind_auth_rep;
+
+ winbind_status winbind_auth(
+ [in] winbind_auth_level *level,
+ [in,switch_is(*level)] winbind_auth_req req,
+ [out,switch_is(*level)] winbind_auth_rep *rep
+ );
/*
* List various things
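Review bot: The cleartext password members added here (`password[]` in `winbind_auth_compat_auth_plain_req`, and `old_password[]` / `new_password[]` in `winbind_auth_change_password_plain_req`) are ordinary `[string,charset(UTF8)]` elements, so any print routine pidl generates for these structs would presumably write them out wherever requests are dumped at debug level. If the pidl in this tree accepts `noprint` on elements, mark them, e.g. `[noprint,string,charset(UTF8)] uint8 password[];`. A comment above each struct would also help, such as `/* carries a cleartext password: never log it, wipe the buffer after use */`. Separately, `winbind_auth_req` ends in an empty `[default];` arm, so an unrecognised `level` still unmarshals cleanly; the handler should reject unknown levels explicitly rather than rely on the decoder.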
/* List w/o rid->id mapping */
winbind_status winbind_list_groups(/*TODO*/);
- winbind_status winbind_list_trustdom(/*TODO*/);
+ typedef [v1_enum] enum {
+ WINBIND_TRUST_LEVEL_COMPAT_LIST = 1,
+ WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC = 2
+ } winbind_trust_level;
+
+ /* Most of what we know from struct winbind_domain */
+ struct winbind_domain_info_compat {
+ [string,charset(UTF8)] uint8 netbios_name[];
+ [string,charset(UTF8)] uint8 *dns_name;
+ [ref] dom_sid *sid;
+ boolean32 is_native_mode;
+ boolean32 is_active_directory;
+ boolean32 is_primary;
+ };
+
+ struct winbind_domain_info_compat_array {
+ uint32 num_domains;
+ struct winbind_domain_info_compat domains[num_domains];
+ };
+
+ typedef [switch_type(winbind_trust_level)] union {
+ [case(WINBIND_TRUST_LEVEL_COMPAT_LIST)];
+ [case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
+ [default];
+ } winbind_trust_req;
+
+ typedef [switch_type(winbind_trust_level)] union {
+ [case(WINBIND_TRUST_LEVEL_COMPAT_LIST)]
+ struct winbind_domain_info_compat_array compat_trusts;
+ [case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
+ [default];
+ } winbind_trust_rep;
+
+ winbind_status winbind_trust(
+ [in] winbind_trust_level *level,
+ [in,switch_is(*level)] winbind_trust_req req,
+ [out,switch_is(*level)] winbind_trust_rep *rep
+ );
/*
* Lookup functions
*/
typedef [v1_enum] enum {
- WINBIND_LOOKUP_LEVEL_SID2NAME = 1,
- WINBIND_LOOKUP_LEVEL_NAME2SID = 2
+ WINBIND_LOOKUP_LEVEL_SID2NAME = 1,
+ WINBIND_LOOKUP_LEVEL_NAME2SID = 2,
+ WINBIND_LOOKUP_LEVEL_RIDS2NAMES = 3,
+ WINBIND_LOOKUP_LEVEL_SID2USERINFO = 4,
+ WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS = 5,
+ WINBIND_LOOKUP_LEVEL_EXPANDALIASES = 6
} winbind_lookup_level;
- typedef [switch_type(winbind_lookup_level)] union {
- [case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
-/*TODO [ref]*/ dom_sid *sid;
- [case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
- [string,charset(UTF8)] uint8 name[];
- [default];
- } winbind_lookup_req;
+ struct winbind_lookup_req_rids {
+/*TODO [ref]*/ dom_sid *domain_sid;
+ uint32 num_rids;
+ uint32 rids[num_rids];
+ };
struct winbind_lookup_name_info {
[string,charset(UTF8)] uint8 domain_name[];
lsa_SidType type;
};
+ struct winbind_lookup_name_info_array {
+ uint32 num_names;
+ struct winbind_lookup_name_info names[num_names];
+ };
+
+ struct winbind_lookup_user_info {
+ [string,charset(UTF8)] uint8 account[];
+ [string,charset(UTF8)] uint8 gecos[];
+ [string,charset(UTF8)] uint8 homedir[];
+ [string,charset(UTF8)] uint8 shell[];
+ hyper primary_gid;
+ uint32 primary_rid;
+ };
+
+ struct winbind_lookup_sid_info_array {
+ uint32 num_sids;
+ struct winbind_lookup_sid_info sids[num_sids];
+ };
+
+ typedef [switch_type(winbind_lookup_level)] union {
+ [case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
+/*TODO [ref]*/ dom_sid *sid;
+ [case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
+ [string,charset(UTF8)] uint8 name[];
+ [case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
+ struct winbind_lookup_req_rids rids;
+ [case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
+/*TODO [ref]*/ dom_sid *sid;
+ [case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
+/*TODO [ref]*/ dom_sid *sid;
+ [case(WINBIND_LOOKUP_LEVEL_EXPANDALIASES)]
+ struct winbind_lookup_sid_info_array sid_array;
+ [default];
+ } winbind_lookup_req;
+
typedef [switch_type(winbind_lookup_level)] union {
[case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
struct winbind_lookup_name_info name_info;
[case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
struct winbind_lookup_sid_info sid_info;
+ [case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
+ struct winbind_lookup_name_info_array name_array;
+ [case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
+ struct winbind_lookup_user_info user_info;
+ [case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
+ struct winbind_lookup_sid_info_array sid_array;
+ [case(WINBIND_LOOKUP_LEVEL_EXPANDALIASES)]
+ struct winbind_lookup_sid_info_array sid_array;
[default];
} winbind_lookup_rep;
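Review bot: The counts that size the request-side arrays have no upper bound: `num_rids` for `rids[num_rids]` in `winbind_lookup_req_rids` and `num_sids` for `sids[num_sids]` in `winbind_lookup_sid_info_array` (used as the EXPANDALIASES request) are plain `uint32` values supplied by the caller. Depending on how the generated pull code checks the count against the remaining buffer, a large value may drive an allocation before the short packet is noticed. A `range` attribute on the count would fail the pull early, e.g. `[range(0,WINBIND_MAX_RIDS)] uint32 num_rids;` (the constant name is a placeholder; pick a limit that suits the protocol). The same applies to `num_require_membership_of_sids` in the two auth request structs earlier in this diff. `domain_sid` in `winbind_lookup_req_rids` also stays a nullable pointer while the `[ref]` TODO stands, so the server side has to check it for NULL before use.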
[out,switch_is(*level)] winbind_set_idmap_rep *rep
);
- /* Check machine account pw works */
- winbind_status winbind_check_machcc(/*TODO*/);
/* Various bit of info. Currently just tidbits */
winbind_status winbind_info_fixname(/*TODO*/);
/* The domain this winbind server is a member of (lp_workgroup()) */
winbind_status winbind_domain_name(/*TODO*/);
- /* Most of what we know from struct winbind_domain */
- struct winbind_domain_info_compat {
- [string,charset(UTF8)] uint8 netbios_name[];
- [string,charset(UTF8)] uint8 *dns_name;
- [ref] dom_sid *sid;
- boolean32 is_native_mode;
- boolean32 is_active_directory;
- boolean32 is_primary;
- };
-
typedef [v1_enum] enum {
WINBIND_DOMAIN_INFO_LEVEL_COMPAT = 1,
WINBIND_DOMAIN_INFO_LEVEL_SEQNUM = 2