2 * Winbind (NDR-based) Protocol
5 import "security.idl", "lsa.idl", "samr.idl", "netlogon.idl";
/* Interface header for the NDR-based winbind protocol.
 * pointer_default(unique) makes every pointer in this interface that has no
 * explicit pointer attribute a unique pointer, i.e. one that may be NULL on
 * the wire. Code consuming the generated structures has to check such
 * pointers before dereferencing them. */
7 [ uuid("b6608c99-0407-401b-96d3-7bcda67232af"),
9 pointer_default(unique)
10 ] interface winbind_protocol
/* Local typedef names for types that are not defined in this file;
 * presumably they come from the imported lsa.idl, samr.idl and netlogon.idl. */
12 typedef enum lsa_SidType lsa_SidType;
13 typedef struct netr_SamInfo3 netr_SamInfo3;
14 typedef struct samr_DomInfo1 samr_DomInfo1;
15 typedef [bitmap32bit] bitmap netr_LogonParameterControl netr_LogonParameterControl;
/* Two length ceilings: 0x0FFFFFFF (256 MiB - 1) for privileged use and
 * 0x00020000 (128 KiB) for unprivileged use.
 * NOTE(review): presumably these cap the message length accepted from a
 * privileged and an unprivileged client respectively. Confirm that the
 * receiver compares the declared length against the applicable ceiling
 * before it allocates or reads the body. */
17 const uint32 WINBIND_MAX_LENGTH_PRIVILEGED = 0x0FFFFFFF;
18 const uint32 WINBIND_MAX_LENGTH_UNPRIVILEGED = 0x00020000;
/* Status codes of the protocol. [v1_enum] selects a 32-bit wire encoding.
 * Success is 0; every error code carries 0x5742 (ASCII "WB") in its upper
 * 16 bits. The closing line that names this enum is not part of this listing;
 * the prototypes in this file return winbind_status, presumably this type. */
20 typedef [public,v1_enum] enum {
21 WINBIND_STATUS_OK = 0x00000000,
22 WINBIND_STATUS_UNKNOWN_ERROR = 0x57420001,
23 WINBIND_STATUS_NOT_IMPLEMENTED = 0x57420002,
24 WINBIND_STATUS_NOT_SUPPORTED = 0x57420003,
25 WINBIND_STATUS_NO_MEMORY = 0x57420004,
26 WINBIND_STATUS_INVALID_PARAMETER = 0x57420005,
27 WINBIND_STATUS_INVALID_LEVEL = 0x57420006,
28 WINBIND_STATUS_UNKNOWN_LEVEL = 0x57420007,
29 WINBIND_STATUS_DOMAIN_OFFLINE = 0x57420008
/* Alias with the same value as WINBIND_STATUS_UNKNOWN_ERROR, so a receiver
 * cannot tell the two apart. */
32 const uint32 WINBIND_STATUS_FOOBAR = WINBIND_STATUS_UNKNOWN_ERROR;
/* Type of the header's version field: 16 bits wide, only value 0x0001 defined. */
34 typedef [bitmap16bit] bitmap {
35 WINBIND_HEADER_VERSION = 0x0001
36 } winbind_header_version;
/* Header flags, 32 bits wide: bit 0 marks a response, bit 1 marks an error. */
38 typedef [bitmap32bit] bitmap {
39 WINBIND_HEADER_FLAGS_RESPONSE = 0x00000001,
40 WINBIND_HEADER_FLAGS_ERROR = 0x00000002
41 } winbind_header_flags;
/* Fixed header size: 0x10 = 16 bytes. */
43 const uint32 WINBIND_HEADER_SIZE = 0x10;
/* Message header. The fields visible here (magic, version, flags) account for
 * 10 bytes before alignment; source lines 45 and 48 are missing from this
 * listing, so the complete layout cannot be read off here.
 * NOTE(review): value() fixes what the sender marshals for magic and version.
 * Confirm that the receiving side compares both fields against "WBPT" and
 * WINBIND_HEADER_VERSION and rejects the message otherwise, rather than
 * relying on the attribute to do so. */
44 [public] struct winbind_header {
46 [charset(DOS),value("WBPT")] uint8 magic[4];
47 [value(WINBIND_HEADER_VERSION)] winbind_header_version version;
49 winbind_header_flags flags;
53 * Just tell me winbindd is running
/* Liveness probe: takes no arguments; only the status comes back. */
55 winbind_status winbind_ping();
58 * - Get the interface version
59 * - Find the location of the privileged pipe
/* Argument list is still a placeholder, so no wire layout is defined yet.
 * NOTE(review): this call tells a client where the privileged pipe is;
 * knowing the location must not be what grants access. Presumably the pipe
 * itself is protected by its own permissions - confirm. */
61 winbind_status winbind_interface_details(/*TODO*/);
64 * Get users and groups
/* The lookup and enumeration calls from here to winbind_getgrent are declared
 * with a TODO in place of their arguments: no request or reply layout exists
 * for them in this file. */
66 winbind_status winbind_getpwnam(/*TODO*/);
67 winbind_status winbind_getpwuid(/*TODO*/);
69 winbind_status winbind_getgrnam(/*TODO*/);
70 winbind_status winbind_getgrgid(/*TODO*/);
72 winbind_status winbind_getgroups(/*TODO*/);
75 * Enumerate users and groups
77 winbind_status winbind_setpwent(/*TODO*/);
78 winbind_status winbind_endpwent(/*TODO*/);
79 winbind_status winbind_getpwent(/*TODO*/);
81 winbind_status winbind_setgrent(/*TODO*/);
82 winbind_status winbind_endgrent(/*TODO*/);
83 winbind_status winbind_getgrent(/*TODO*/);
86 * PAM authenticate and password change
/* Discriminator for the authentication request and reply unions, 32 bits on
 * the wire ([v1_enum]). Level 1 selects the request that carries a password
 * string, level 2 the one that carries LM/NT response blobs. The closing line
 * that names the enum is not part of this listing. */
89 typedef [v1_enum] enum {
90 WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN = 1,
91 WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE = 2
/* Request body for plaintext-password authentication.
 * Source lines 95 and 103-105 are missing from this listing, so the struct
 * may hold fields that are not shown here. */
94 struct winbind_auth_compat_auth_plain_req {
96 [string,charset(UTF8)] uint8 account_name[];
/* Unique pointer (interface default): may be NULL. */
97 [string,charset(UTF8)] uint8 *domain_name;
/* The password itself, as a UTF-8 string. Whatever can read this message, or
 * the buffers it is unmarshalled into, sees the credential.
 * NOTE(review): keep this field out of logs and generated debug printers and
 * wipe the buffer once the check is done - confirm in the implementation. */
98 [string,charset(UTF8)] uint8 password[];
/* Caller-supplied element count for the SID array below ([size_is]).
 * NOTE(review): confirm the unmarshalling path bounds this count by the
 * remaining message length, so a large value cannot drive an oversized
 * allocation. */
99 uint32 num_require_membership_of_sids;
100 [size_is(num_require_membership_of_sids)]
101 dom_sid *require_membership_of_sids;
/* Unique pointer: may be NULL. */
102 [string,charset(UTF8)] uint8 *krb5_cc_type;
/* Reply body for authentication. Every member is a unique pointer
 * (interface default), so each one may be NULL and must be checked before
 * use.
 * NOTE(review): netr_SamInfo3 is defined outside this file; in Samba's
 * netlogon.idl it includes session-key fields. Treat the whole reply as
 * sensitive and confirm which fields the server actually fills in. */
106 struct winbind_auth_compat_auth_rep {
107 [string,charset(UTF8)] uint8 *unix_username;
108 [string,charset(UTF8)] uint8 *krb5_cc_name;
109 netr_SamInfo3 *info3;
110 samr_DomInfo1 *password_policy;
111 DATA_BLOB *afs_token;
/* Request body for challenge-response authentication: the caller sends LM and
 * NT response blobs instead of a password. Source lines 115 and 123 are
 * missing from this listing; no challenge field is visible among the lines
 * shown. */
114 struct winbind_auth_compat_auth_response_req {
116 [string,charset(UTF8)] uint8 account_name[];
/* Unique pointers (interface default): either may be NULL. */
117 [string,charset(UTF8)] uint8 *domain_name;
118 [string,charset(UTF8)] uint8 *workstation_name;
/* Caller-supplied element count for the SID array below ([size_is]).
 * NOTE(review): confirm it is bounded by the remaining message length. */
119 uint32 num_require_membership_of_sids;
120 [size_is(num_require_membership_of_sids)]
121 dom_sid *require_membership_of_sids;
/* Logon parameter bits chosen by the caller.
 * NOTE(review): presumably passed on to the netlogon call; confirm which bits
 * an unprivileged caller is allowed to set. */
122 netr_LogonParameterControl logon_parameters;
/* Variable-length blobs whose lengths are set by the caller. */
124 DATA_BLOB lm_response;
125 DATA_BLOB nt_response;
/* Request union, discriminated by winbind_auth_level: one arm per level.
 * The closing line that names the union is not part of this listing; the
 * winbind_auth prototype uses winbind_auth_req, presumably this type. */
128 typedef [switch_type(winbind_auth_level)] union {
129 [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN)]
130 struct winbind_auth_compat_auth_plain_req compat_auth_plain;
131 [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE)]
132 struct winbind_auth_compat_auth_response_req compat_auth_response;
/* Reply union, same discriminator. Both levels return the same struct type.
 * NOTE(review): both arms also use the same member name, compat_auth. If the
 * IDL compiler emits one C union member per arm, the names would collide -
 * confirm, or give the arms distinct names. */
136 typedef [switch_type(winbind_auth_level)] union {
137 [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN)]
138 struct winbind_auth_compat_auth_rep compat_auth;
139 [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE)]
140 struct winbind_auth_compat_auth_rep compat_auth;
/* Authenticate a user.
 *   level  [in]   selects which arm of req and rep is on the wire
 *   req    [in]   request, decoded according to *level
 *   rep    [out]  reply, encoded according to *level
 * level is a unique pointer under the interface default, so it may be NULL.
 * NOTE(review): the switch_is(*level) expressions dereference it; confirm a
 * NULL level is rejected before that happens. */
144 winbind_status winbind_auth(
145 [in] winbind_auth_level *level,
146 [in,switch_is(*level)] winbind_auth_req req,
147 [out,switch_is(*level)] winbind_auth_rep *rep
/* Password change and logoff calls: argument lists are still TODO, so no
 * wire layout is defined for them here. */
150 winbind_status winbind_pam_chauthtok(/*TODO*/);
151 winbind_status winbind_pam_logoff(/*TODO*/);
152 winbind_status winbind_pam_chng_paswd_auth_crap(/*TODO*/);
155 * List various things
158 /* List users without rid->id mapping; arguments are still TODO. */
159 winbind_status winbind_list_users(/*TODO*/);
161 /* List groups without rid->id mapping; arguments are still TODO. */
162 winbind_status winbind_list_groups(/*TODO*/);
/* Discriminator for winbind_trust, 32 bits on the wire ([v1_enum]). */
164 typedef [v1_enum] enum {
165 WINBIND_TRUST_LEVEL_COMPAT_LIST = 1,
166 WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC = 2
167 } winbind_trust_level;
169 /* Most of what we know from struct winbind_domain */
/* Source lines 173, 177 and 178 are missing from this listing, so the struct
 * may hold fields that are not shown here. */
170 struct winbind_domain_info_compat {
171 [string,charset(UTF8)] uint8 netbios_name[];
/* Unique pointer (interface default): may be NULL. */
172 [string,charset(UTF8)] uint8 *dns_name;
174 boolean32 is_native_mode;
175 boolean32 is_active_directory;
176 boolean32 is_primary;
/* Array of domain records whose length is taken from num_domains. The line
 * that declares num_domains (source line 180) is missing from this listing. */
179 struct winbind_domain_info_compat_array {
181 struct winbind_domain_info_compat domains[num_domains];
/* Request union: both levels are empty arms, so the request carries no data
 * beyond the level itself. */
184 typedef [switch_type(winbind_trust_level)] union {
185 [case(WINBIND_TRUST_LEVEL_COMPAT_LIST)];
186 [case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
/* Reply union: COMPAT_LIST returns the domain array; COMPAT_CHECK_MACHCC is
 * an empty arm, so its outcome is conveyed by the returned status alone. */
190 typedef [switch_type(winbind_trust_level)] union {
191 [case(WINBIND_TRUST_LEVEL_COMPAT_LIST)]
192 struct winbind_domain_info_compat_array compat_trusts;
193 [case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
/* Trust query.
 *   level  [in]   selects the arm of req and rep
 *   req    [in]   request, decoded according to *level
 *   rep    [out]  reply, encoded according to *level */
197 winbind_status winbind_trust(
198 [in] winbind_trust_level *level,
199 [in,switch_is(*level)] winbind_trust_req req,
200 [out,switch_is(*level)] winbind_trust_rep *rep
/* Discriminator for winbind_lookup, 32 bits on the wire ([v1_enum]). */
207 typedef [v1_enum] enum {
208 WINBIND_LOOKUP_LEVEL_SID2NAME = 1,
209 WINBIND_LOOKUP_LEVEL_NAME2SID = 2,
210 WINBIND_LOOKUP_LEVEL_RIDS2NAMES = 3,
211 WINBIND_LOOKUP_LEVEL_SID2USERINFO = 4,
212 WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS = 5,
213 WINBIND_LOOKUP_LEVEL_EXPANDALIASES = 6
214 } winbind_lookup_level;
/* RIDS2NAMES request: a domain SID plus an array of RIDs sized by num_rids.
 * The line that declares num_rids (source line 218) is missing from this
 * listing. */
216 struct winbind_lookup_req_rids {
/* [ref] is only a TODO: until it is applied this is a unique pointer under
 * the interface default and may arrive as NULL. */
217 /*TODO [ref]*/ dom_sid *domain_sid;
219 uint32 rids[num_rids];
/* Domain and account name pair. Source lines 225-226 are missing from this
 * listing. */
222 struct winbind_lookup_name_info {
223 [string,charset(UTF8)] uint8 domain_name[];
224 [string,charset(UTF8)] uint8 account_name[];
/* Source lines 230-231 are missing from this listing. */
228 struct winbind_lookup_sid_info {
/* May be NULL until [ref] is applied; check before dereferencing. */
229 /*TODO [ref]*/ dom_sid *sid;
/* Array of name records sized by num_names; the line that declares num_names
 * (source line 234) is missing from this listing. */
233 struct winbind_lookup_name_info_array {
235 struct winbind_lookup_name_info names[num_names];
/* User record as four UTF-8 strings. Source lines 243-245 are missing from
 * this listing.
 * NOTE(review): presumably these values originate from the directory and end
 * up in passwd-style entries; confirm that consumers validate homedir and
 * shell before acting on them. */
238 struct winbind_lookup_user_info {
239 [string,charset(UTF8)] uint8 account[];
240 [string,charset(UTF8)] uint8 gecos[];
241 [string,charset(UTF8)] uint8 homedir[];
242 [string,charset(UTF8)] uint8 shell[];
/* Array of SID records sized by num_sids; the line that declares num_sids
 * (source line 248) is missing from this listing. */
247 struct winbind_lookup_sid_info_array {
249 struct winbind_lookup_sid_info sids[num_sids];
/* Request union for winbind_lookup, one arm per lookup level.
 * The dom_sid pointers are unique under the interface default ([ref] is only
 * a TODO), so each may arrive as NULL and must be checked before use.
 * NOTE(review): the member name sid is used by three arms; if the IDL
 * compiler emits one C union member per arm, the names would collide -
 * confirm. */
252 typedef [switch_type(winbind_lookup_level)] union {
253 [case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
254 /*TODO [ref]*/ dom_sid *sid;
255 [case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
256 [string,charset(UTF8)] uint8 name[];
257 [case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
258 struct winbind_lookup_req_rids rids;
259 [case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
260 /*TODO [ref]*/ dom_sid *sid;
261 [case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
262 /*TODO [ref]*/ dom_sid *sid;
263 [case(WINBIND_LOOKUP_LEVEL_EXPANDALIASES)]
264 struct winbind_lookup_sid_info_array sid_array;
266 } winbind_lookup_req;
/* Reply union for winbind_lookup, one arm per lookup level.
 * NOTE(review): the SID2DOMGROUPS and EXPANDALIASES arms share the member
 * name sid_array; same possible collision as in the request union. */
268 typedef [switch_type(winbind_lookup_level)] union {
269 [case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
270 struct winbind_lookup_name_info name_info;
271 [case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
272 struct winbind_lookup_sid_info sid_info;
273 [case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
274 struct winbind_lookup_name_info_array name_array;
275 [case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
276 struct winbind_lookup_user_info user_info;
277 [case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
278 struct winbind_lookup_sid_info_array sid_array;
279 [case(WINBIND_LOOKUP_LEVEL_EXPANDALIASES)]
280 struct winbind_lookup_sid_info_array sid_array;
282 } winbind_lookup_rep;
/* Name/SID lookup.
 *   level  [in]   selects the arm of req and rep
 *   req    [in]   request, decoded according to *level
 *   rep    [out]  reply, encoded according to *level */
284 winbind_status winbind_lookup(
285 [in] winbind_lookup_level *level,
286 [in,switch_is(*level)] winbind_lookup_req req,
287 [out,switch_is(*level)] winbind_lookup_rep *rep
/* Discriminator for winbind_get_idmap, 32 bits on the wire ([v1_enum]). */
293 typedef [v1_enum] enum {
294 WINBIND_IDMAP_LEVEL_SID_TO_UID = 1,
295 WINBIND_IDMAP_LEVEL_SID_TO_GID = 2,
296 WINBIND_IDMAP_LEVEL_UID_TO_SID = 3,
297 WINBIND_IDMAP_LEVEL_GID_TO_SID = 4
298 } winbind_get_idmap_level;
/* Request union. The SID arms take a dom_sid pointer that may be NULL until
 * [ref] is applied. The member lines of the UID_TO_SID and GID_TO_SID arms
 * (source lines 306 and 308) are missing from this listing. */
300 typedef [switch_type(winbind_get_idmap_level)] union {
301 [case(WINBIND_IDMAP_LEVEL_SID_TO_UID)]
302 /*TODO [ref]*/ dom_sid *sid;
303 [case(WINBIND_IDMAP_LEVEL_SID_TO_GID)]
304 /*TODO [ref]*/ dom_sid *sid;
305 [case(WINBIND_IDMAP_LEVEL_UID_TO_SID)]
307 [case(WINBIND_IDMAP_LEVEL_GID_TO_SID)]
309 } winbind_get_idmap_req;
/* Reply union. The member lines of the SID_TO_UID and SID_TO_GID arms (source
 * lines 313 and 315) are missing from this listing; the other two arms return
 * a dom_sid pointer that may be NULL. */
311 typedef [switch_type(winbind_get_idmap_level)] union {
312 [case(WINBIND_IDMAP_LEVEL_SID_TO_UID)]
314 [case(WINBIND_IDMAP_LEVEL_SID_TO_GID)]
316 [case(WINBIND_IDMAP_LEVEL_UID_TO_SID)]
317 /*TODO [ref]*/ dom_sid *sid;
318 [case(WINBIND_IDMAP_LEVEL_GID_TO_SID)]
319 /*TODO [ref]*/ dom_sid *sid;
320 } winbind_get_idmap_rep;
/* Read an id mapping.
 *   level  [in,out]  selects the arm of req; the value sent back selects the
 *                    arm of rep
 *   req    [in]      request, decoded according to the incoming *level
 *   rep    [out]     reply, encoded according to the returned *level
 * NOTE(review): because level is [in,out], the peer can hand back a different
 * level than was requested; callers should compare the returned level with
 * the one they sent before reading rep - confirm. */
322 winbind_status winbind_get_idmap(
323 [in,out] winbind_get_idmap_level *level,
324 [in,switch_is(*level)] winbind_get_idmap_req req,
325 [out,switch_is(*level)] winbind_get_idmap_rep *rep
/* Discriminator for winbind_set_idmap, 32 bits on the wire ([v1_enum]).
 * NOTE(review): going by their names, all four levels modify id-mapping state
 * (allocate an id, set a mapping, set a high-water mark). Such calls should
 * presumably be accepted from privileged callers only; confirm the server
 * enforces that, since nothing in this declaration does. */
328 typedef [v1_enum] enum {
329 WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID = 1,
330 WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID = 2,
331 WINBIND_SET_IDMAP_LEVEL_SET_MAPPING = 3,
332 WINBIND_SET_IDMAP_LEVEL_SET_HWM = 4
333 } winbind_set_idmap_level;
/* Request union. The two ALLOCATE arms are empty. The member lines of the
 * SET_MAPPING and SET_HWM arms (source lines 339 and 341) are missing from
 * this listing. */
335 typedef [switch_type(winbind_set_idmap_level)] union {
336 [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID)];
337 [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID)];
338 [case(WINBIND_SET_IDMAP_LEVEL_SET_MAPPING)]
340 [case(WINBIND_SET_IDMAP_LEVEL_SET_HWM)]
342 } winbind_set_idmap_req;
/* Reply union. The member lines of the two ALLOCATE arms (source lines 346
 * and 348) are missing from this listing; SET_MAPPING and SET_HWM are empty
 * arms, so their outcome is conveyed by the returned status alone. */
344 typedef [switch_type(winbind_set_idmap_level)] union {
345 [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID)]
347 [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID)]
349 [case(WINBIND_SET_IDMAP_LEVEL_SET_MAPPING)];
350 [case(WINBIND_SET_IDMAP_LEVEL_SET_HWM)];
351 } winbind_set_idmap_rep;
/* Modify id-mapping state.
 *   level  [in,out]  selects the arm of req; the value sent back selects the
 *                    arm of rep
 *   req    [in]      request, decoded according to the incoming *level
 *   rep    [out]     reply, encoded according to the returned *level */
353 winbind_status winbind_set_idmap(
354 [in,out] winbind_set_idmap_level *level,
355 [in,switch_is(*level)] winbind_set_idmap_req req,
356 [out,switch_is(*level)] winbind_set_idmap_rep *rep
359 /* Various bits of info. Currently just tidbits; arguments are still TODO. */
360 winbind_status winbind_info_fixname(/*TODO*/);
361 /* The domain this winbind server is a member of (lp_workgroup()) */
362 winbind_status winbind_domain_name(/*TODO*/);
/* Discriminator for winbind_get_domain_info, 32 bits on the wire ([v1_enum]). */
364 typedef [v1_enum] enum {
365 WINBIND_DOMAIN_INFO_LEVEL_COMPAT = 1,
366 WINBIND_DOMAIN_INFO_LEVEL_SEQNUM = 2
367 } winbind_domain_info_level;
/* Reply union. COMPAT returns a winbind_domain_info_compat record; the member
 * line of the SEQNUM arm (source line 373) is missing from this listing. */
369 typedef [switch_type(winbind_domain_info_level)] union {
370 [case(WINBIND_DOMAIN_INFO_LEVEL_COMPAT)]
371 struct winbind_domain_info_compat compat;
372 [case(WINBIND_DOMAIN_INFO_LEVEL_SEQNUM)]
374 } winbind_domain_info;
/* Query information about one domain.
 *   domain_name  [in]      domain to query, UTF-8 string
 *   dc_name      [in]      explicitly [unique]: may be NULL
 *   level        [in,out]  requested level; the value sent back selects the
 *                          arm of domain_info
 *   domain_info  [out]     reply, encoded according to the returned *level
 * NOTE(review): callers should compare the returned level with the one they
 * sent before reading domain_info - confirm. */
376 winbind_status winbind_get_domain_info(
377 [in,string,charset(UTF8)] uint8 domain_name[],
378 [in,unique,string,charset(UTF8)] uint8 *dc_name,
379 [in,out] winbind_domain_info_level *level,
380 [out,switch_is(*level)] winbind_domain_info *domain_info
383 /* Issue a GetDCName or DsGetDCName Request */
/* Discriminator for winbind_get_dc_info, 32 bits on the wire ([v1_enum]). */
384 typedef [v1_enum] enum {
385 WINBIND_DC_INFO_LEVEL_COMPAT_NT4 = 1,
386 WINBIND_DC_INFO_LEVEL_COMPAT_DS = 2
387 } winbind_dc_info_level;
/* Per-level parameters. COMPAT_NT4 is an empty arm; the member line of the
 * COMPAT_DS arm (source line 392) is missing from this listing. */
389 typedef [switch_type(winbind_dc_info_level)] union {
390 [case(WINBIND_DC_INFO_LEVEL_COMPAT_NT4)];
391 [case(WINBIND_DC_INFO_LEVEL_COMPAT_DS)]
393 } winbind_dc_info_params;
/* Reply union: both levels return a name string through a unique pointer that
 * may be NULL. The closing line that names the union is not part of this
 * listing.
 * NOTE(review): both arms use the member name "name"; if the IDL compiler
 * emits one C union member per arm, the names would collide - confirm. */
395 typedef [switch_type(winbind_dc_info_level)] union {
396 [case(WINBIND_DC_INFO_LEVEL_COMPAT_NT4)]
397 [string,charset(UTF8)] uint8 *name;
398 [case(WINBIND_DC_INFO_LEVEL_COMPAT_DS)]
399 [string,charset(UTF8)] uint8 *name;
/* Look up a domain controller.
 *   domain_name  [in]      domain to query, UTF-8 string
 *   level        [in,out]  selects the arm of params; the value sent back
 *                          selects the arm of dc_info
 *   params       [in]      per-level parameters, decoded according to *level
 *   dc_info      [out]     reply, encoded according to the returned *level */
402 winbind_status winbind_get_dc_info(
403 [in,string,charset(UTF8)] uint8 domain_name[],
404 [in,out] winbind_dc_info_level *level,
405 [in,switch_is(*level)] winbind_dc_info_params params,
406 [out,switch_is(*level)] winbind_dc_info *dc_info
/* Every call from here to the end of the listing is declared with a TODO in
 * place of its arguments: no request or reply layout is defined for it in
 * this file. */
413 winbind_status winbind_wins_byip(/*TODO*/);
414 winbind_status winbind_wins_byname(/*TODO*/);
416 /* this is like GETGRENT but gives an empty group list */
417 winbind_status winbind_getgrlist(/*TODO*/);
419 /* The netbios name of the server */
420 winbind_status winbind_netbios_name(/*TODO*/);
423 /* return a list of group sids for a user sid */
424 winbind_status winbind_getusersids(/*TODO*/);
426 /* Various group queries */
427 winbind_status winbind_getuserdomgroups(/*TODO*/);
430 * Wrapper around possibly blocking unix nss calls
433 winbind_status winbind_dual_userinfo(/*TODO*/);
434 winbind_status winbind_dual_getsidaliases(/*TODO*/);
437 * Complete the challenge phase of the NTLM authentication
438 * protocol using cached password.
/* NOTE(review): this call has the server answer an NTLM challenge from a
 * cached password on a caller's behalf. With the arguments still TODO, how
 * a request is tied to the owner of the cached credential is not defined
 * here; the eventual definition needs an explicit ownership check (for
 * example against the connecting peer's uid) - confirm when specified. */
440 winbind_status winbind_ccache_ntlmauth(/*TODO*/);