wb-ndr: add idl for WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE
[metze/samba/wb-ndr.git] / source / librpc / idl / winbind_protocol.idl
1 /*
2  * Winbind (NDR-based) Protocol
3  */
4
5 import "security.idl",  "lsa.idl", "samr.idl", "netlogon.idl";
6
7 [ uuid("b6608c99-0407-401b-96d3-7bcda67232af"),
8   version(1.0),
9   pointer_default(unique)
10 ] interface winbind_protocol
11 {
12         typedef enum lsa_SidType lsa_SidType;
13         typedef struct netr_SamInfo3 netr_SamInfo3;
14         typedef struct samr_DomInfo1 samr_DomInfo1;
15         typedef [bitmap32bit] bitmap netr_LogonParameterControl netr_LogonParameterControl;
           /*
            * The four typedefs above only re-declare type names; their layouts are
            * not defined in this file (presumably they come from the imported IDL
            * files - confirm).
            */
16
           /*
            * Two length limits: 0x0FFFFFFF (256 MiB - 1) and 0x00020000 (128 KiB).
            * NOTE(review): presumably the caps a receiver applies to
            * winbind_header.length on the privileged and on the unprivileged pipe.
            * Nothing in this file enforces them, so the transport code has to
            * compare the peer-supplied length against the matching cap before it
            * allocates memory for, or reads, the message body - confirm.
            */
17         const uint32 WINBIND_MAX_LENGTH_PRIVILEGED      = 0x0FFFFFFF;
18         const uint32 WINBIND_MAX_LENGTH_UNPRIVILEGED    = 0x00020000;
19
           /*
            * Status code returned by every operation of this interface.
            * [v1_enum] makes pidl marshal the enum as a 32-bit value.
            * WINBIND_STATUS_OK is 0; every failure code carries the prefix
            * 0x5742 (ASCII "WB") in its upper 16 bits.
            * Callers should treat any value other than WINBIND_STATUS_OK as a
            * failure, including values that are not listed here.
            */
20         typedef [public,v1_enum] enum {
21                 WINBIND_STATUS_OK                       = 0x00000000,
22                 WINBIND_STATUS_UNKNOWN_ERROR            = 0x57420001,
23                 WINBIND_STATUS_NOT_IMPLEMENTED          = 0x57420002,
24                 WINBIND_STATUS_NOT_SUPPORTED            = 0x57420003,
25                 WINBIND_STATUS_NO_MEMORY                = 0x57420004,
26                 WINBIND_STATUS_INVALID_PARAMETER        = 0x57420005,
27                 WINBIND_STATUS_INVALID_LEVEL            = 0x57420006,
28                 WINBIND_STATUS_UNKNOWN_LEVEL            = 0x57420007,
29                 WINBIND_STATUS_DOMAIN_OFFLINE           = 0x57420008
30         } winbind_status;
31
           /* Second name for WINBIND_STATUS_UNKNOWN_ERROR (same numeric value). */
32         const uint32 WINBIND_STATUS_FOOBAR              = WINBIND_STATUS_UNKNOWN_ERROR;
33
           /* Header version field, 16 bits wide; the only value defined is 0x0001. */
34         typedef [bitmap16bit] bitmap {
35                 WINBIND_HEADER_VERSION          = 0x0001
36         } winbind_header_version;
37
           /*
            * Header flag bits, 32 bits wide: RESPONSE and ERROR.
            * NOTE(review): the names suggest RESPONSE marks a reply and ERROR a
            * failed call; how the two combine is not defined in this file.
            */
38         typedef [bitmap32bit] bitmap {
39                 WINBIND_HEADER_FLAGS_RESPONSE   = 0x00000001,
40                 WINBIND_HEADER_FLAGS_ERROR      = 0x00000002
41         } winbind_header_flags;
42
           /*
            * Fixed message header. The fields add up to 16 bytes
            * (4 + 4 + 2 + 2 + 4), which matches WINBIND_HEADER_SIZE = 0x10.
            *
            * Every field arrives from the peer and has to be validated by the
            * receiver before the body is touched:
            *  - length:  peer-controlled size. Whether it counts the header
            *             itself is not stated here - confirm. It should be
            *             bounded by the WINBIND_MAX_LENGTH_* constant that
            *             applies to the pipe.
            *  - magic / version: value() fixes what is written when the header
            *             is marshalled. NOTE(review): as far as I know the
            *             pidl-generated pull code does not reject other values,
            *             so the receiver should compare magic against "WBPT"
            *             and version against WINBIND_HEADER_VERSION itself -
            *             confirm.
            *  - opnum:   selects the operation; it must be range-checked before
            *             it is used to index a dispatch table.
            */
43         const uint32 WINBIND_HEADER_SIZE        = 0x10;
44         [public] struct winbind_header {
45                 uint32 length;
46                 [charset(DOS),value("WBPT")] uint8 magic[4];
47                 [value(WINBIND_HEADER_VERSION)] winbind_header_version version;
48                 uint16 opnum;
49                 winbind_header_flags flags;
50         };
51
           /*
            * Operations follow. pidl numbers operations in declaration order, so
            * inserting or reordering a declaration changes the opnum of every
            * operation after it.
            *
            * Except for winbind_ping(), which takes no arguments, the operations
            * up to winbind_getgrent are placeholders: their parameter lists are
            * still TODO, so no request or reply layout is defined for them yet.
            */
52         /*
53          * Just tell me winbindd is running
54          */
55         winbind_status winbind_ping();
56
57         /*
58          * - Get the interface version
59          * - Find the location of the privileged pipe
60          */
61         winbind_status winbind_interface_details(/*TODO*/);
62
63         /*
64          * Get users and groups
65          */
66         winbind_status winbind_getpwnam(/*TODO*/);
67         winbind_status winbind_getpwuid(/*TODO*/);
68
69         winbind_status winbind_getgrnam(/*TODO*/);
70         winbind_status winbind_getgrgid(/*TODO*/);
71
72         winbind_status winbind_getgroups(/*TODO*/);
73
74         /*
75          * Enumerate users and groups
76          */
77         winbind_status winbind_setpwent(/*TODO*/);
78         winbind_status winbind_endpwent(/*TODO*/);
79         winbind_status winbind_getpwent(/*TODO*/);
80
81         winbind_status winbind_setgrent(/*TODO*/);
82         winbind_status winbind_endgrent(/*TODO*/);
83         winbind_status winbind_getgrent(/*TODO*/);
84
85         /*
86          * PAM authenticate and password change
87          */
88
           /*
            * Selects the request/reply layout of winbind_auth():
            *  - COMPAT_AUTH_PLAIN:    account name plus cleartext password
            *                          (struct winbind_auth_compat_auth_plain_req).
            *  - COMPAT_AUTH_RESPONSE: account name plus challenge and LM/NT
            *                          responses
            *                          (struct winbind_auth_compat_auth_response_req).
            * [v1_enum] makes pidl marshal the level as a 32-bit value.
            */
89         typedef [v1_enum] enum {
90                 WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN    = 1,
91                 WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE = 2
92         } winbind_auth_level;
93
           /*
            * Request body for WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN.
            *
            *  - password: carried as a UTF-8 string inside the request, i.e. in
            *    cleartext at this layer. NOTE(review): anything that dumps the
            *    decoded request (generated print helpers, debug logging, core
            *    files) would expose it; the consumer should keep the buffer
            *    short-lived and wipe it after use - confirm how the server
            *    handles this.
            *  - require_membership_of_sids: array whose element count
            *    (num_require_membership_of_sids) comes from the peer.
            *    NOTE(review): presumably the login only succeeds when the user
            *    is a member of one of these SIDs. The list is supplied by the
            *    requester, so it is a restriction the caller asks for, not a
            *    policy the server can rely on - confirm.
            *  - domain_name, krb5_cc_type, uid: pointers, unique under the
            *    interface's pointer_default, so they may be absent (NULL).
            *  - uid: 64-bit value. NOTE(review): presumably the unix uid on whose
            *    behalf a Kerberos credential cache is created; a caller-supplied
            *    uid should be checked against the peer credentials of the
            *    connection before anything is created or chown'ed for it -
            *    confirm.
            *  - flags: meaning of the bits is not defined in this file.
            */
94         struct winbind_auth_compat_auth_plain_req {
95                 uint32 flags;
96                 [string,charset(UTF8)] uint8    account_name[];
97                 [string,charset(UTF8)] uint8    *domain_name;
98                 [string,charset(UTF8)] uint8    password[];
99                 uint32 num_require_membership_of_sids;
100                 [size_is(num_require_membership_of_sids)]
101                         dom_sid *require_membership_of_sids;
102                 [string,charset(UTF8)] uint8    *krb5_cc_type;
103                 hyper *uid;
104         };
105
           /*
            * Reply body shared by both auth levels. Every member is a pointer
            * (unique under the interface's pointer_default), so each one may be
            * absent and must be NULL-checked by the consumer.
            *
            * NOTE(review): the reply is sensitive. afs_token is an opaque blob
            * whose name indicates a credential, krb5_cc_name names a credential
            * cache, and netr_SamInfo3 (defined outside this file) carries, in
            * Samba's netlogon.idl, session keys besides the group membership.
            * It should not be logged or returned to a caller other than the one
            * that authenticated - confirm.
            */
106         struct winbind_auth_compat_auth_rep {
107                 [string,charset(UTF8)] uint8 *unix_username;
108                 [string,charset(UTF8)] uint8 *krb5_cc_name;
109                 netr_SamInfo3 *info3;
110                 samr_DomInfo1 *password_policy;
111                 DATA_BLOB *afs_token;
112         };
113
           /*
            * Request body for WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE:
            * challenge/response authentication where the requester passes the
            * 8-byte challenge together with the LM and NT responses.
            *
            *  - challenge: fixed 8 bytes, supplied by the requester.
            *    NOTE(review): because the challenge arrives with the responses,
            *    this layer cannot establish that the challenge was fresh; replay
            *    protection rests with whoever issued the challenge to the
            *    client - confirm.
            *  - lm_response / nt_response: DATA_BLOBs whose length is
            *    peer-controlled. The consumer should validate the lengths before
            *    use (LM and NTLM responses are 24 bytes, NTLMv2 responses are
            *    longer and variable) and should consider refusing LM-only
            *    requests, which are weak.
            *  - logon_parameters: bitmap defined outside this file; the bits are
            *    chosen by the requester.
            *  - require_membership_of_sids: array whose element count comes from
            *    the peer.
            *  - domain_name, workstation_name: unique pointers, may be absent.
            *  - flags: meaning of the bits is not defined in this file.
            */
114         struct winbind_auth_compat_auth_response_req {
115                 uint32 flags;
116                 [string,charset(UTF8)] uint8    account_name[];
117                 [string,charset(UTF8)] uint8    *domain_name;
118                 [string,charset(UTF8)] uint8    *workstation_name;
119                 uint32 num_require_membership_of_sids;
120                 [size_is(num_require_membership_of_sids)]
121                         dom_sid *require_membership_of_sids;
122                 netr_LogonParameterControl logon_parameters;
123                 uint8 challenge[8];
124                 DATA_BLOB lm_response;
125                 DATA_BLOB nt_response;
126         };
127
            /*
             * Request union of winbind_auth(), switched on winbind_auth_level.
             * The [default] arm is empty: a level other than the two listed
             * marshals as an empty body instead of failing in the NDR layer, so
             * the handler itself has to reject it (WINBIND_STATUS_UNKNOWN_LEVEL
             * exists for that) and must not fall through to an auth path.
             */
128         typedef [switch_type(winbind_auth_level)] union {
129         [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN)]
130                 struct winbind_auth_compat_auth_plain_req compat_auth_plain;
131         [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE)]
132                 struct winbind_auth_compat_auth_response_req compat_auth_response;
133         [default];
134         } winbind_auth_req;
135
            /*
             * Reply union of winbind_auth(). Both levels return the same
             * struct winbind_auth_compat_auth_rep under the same member name;
             * the [default] arm is empty.
             */
136         typedef [switch_type(winbind_auth_level)] union {
137         [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_PLAIN)]
138                 struct winbind_auth_compat_auth_rep compat_auth;
139         [case(WINBIND_AUTH_LEVEL_COMPAT_AUTH_RESPONSE)]
140                 struct winbind_auth_compat_auth_rep compat_auth;
141         [default];
142         } winbind_auth_rep;
143
            /*
             * Authenticate an account.
             *   level: [in] selects which arm of req and rep is used.
             *   req:   [in] credentials in the layout chosen by *level.
             *   rep:   [out] reply in the layout chosen by *level.
             * Returns a winbind_status. The reply has no separate result field,
             * so the return value is the only success indicator visible here:
             * the caller must not use anything in rep unless the call returned
             * WINBIND_STATUS_OK.
             */
144         winbind_status winbind_auth(
145                 [in] winbind_auth_level *level,
146                 [in,switch_is(*level)] winbind_auth_req req,
147                 [out,switch_is(*level)] winbind_auth_rep *rep
148         );
149
            /*
             * Placeholders: the parameter lists are still TODO, so no wire
             * format is defined for these three operations yet.
             * NOTE(review): going by the names they cover password change and
             * logoff; their requests will carry old/new passwords or responses
             * and need the same care as the auth request structs (no logging,
             * wipe after use) - confirm once the arguments are defined.
             */
150         winbind_status winbind_pam_chauthtok(/*TODO*/);
151         winbind_status winbind_pam_logoff(/*TODO*/);
152         winbind_status winbind_pam_chng_paswd_auth_crap(/*TODO*/);
153
154         /*
155          * List various things
156          */
157
158         /* List w/o rid->id mapping */
159         winbind_status winbind_list_users(/*TODO*/);
160
161         /* List w/o rid->id mapping */
162         winbind_status winbind_list_groups(/*TODO*/);
163
            /*
             * Levels of winbind_trust(). COMPAT_LIST returns an array of domain
             * descriptions; COMPAT_CHECK_MACHCC has neither a request nor a
             * reply payload, so its outcome is conveyed by the returned
             * winbind_status only. NOTE(review): the name suggests a check of
             * the machine account credentials - confirm.
             */
164         typedef [v1_enum] enum {
165                 WINBIND_TRUST_LEVEL_COMPAT_LIST         = 1,
166                 WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC = 2
167         } winbind_trust_level;
168
169         /* Most of what we know from struct winbind_domain */
            /*
             * dns_name is a unique pointer and may be absent; sid is [ref] and
             * is therefore always present on the wire.
             */
170         struct winbind_domain_info_compat {
171                 [string,charset(UTF8)] uint8    netbios_name[];
172                 [string,charset(UTF8)] uint8    *dns_name;
173                 [ref] dom_sid                   *sid;
174                 boolean32                       is_native_mode;
175                 boolean32                       is_active_directory;
176                 boolean32                       is_primary;
177         };
178
            /*
             * Inline array of domain descriptions. num_domains is taken from the
             * wire; a consumer that copies the entries should bound the count
             * itself rather than trust it.
             */
179         struct winbind_domain_info_compat_array {
180                 uint32          num_domains;
181                 struct winbind_domain_info_compat domains[num_domains];
182         };
183
            /*
             * Request union: every arm, including [default], is empty, so a
             * request carries the level only. An unknown level is not rejected
             * by the NDR layer and has to be refused by the handler.
             */
184         typedef [switch_type(winbind_trust_level)] union {
185         [case(WINBIND_TRUST_LEVEL_COMPAT_LIST)];
186         [case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
187         [default];
188         } winbind_trust_req;
189
            /* Reply union: only COMPAT_LIST carries data. */
190         typedef [switch_type(winbind_trust_level)] union {
191         [case(WINBIND_TRUST_LEVEL_COMPAT_LIST)]
192                 struct winbind_domain_info_compat_array compat_trusts;
193         [case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
194         [default];
195         } winbind_trust_rep;
196
            /*
             * Query trusted domains.
             *   level: [in] selects the arm of req and rep.
             *   req:   [in] empty for all levels defined so far.
             *   rep:   [out] reply in the layout chosen by *level.
             */
197         winbind_status winbind_trust(
198                 [in] winbind_trust_level *level,
199                 [in,switch_is(*level)] winbind_trust_req req,
200                 [out,switch_is(*level)] winbind_trust_rep *rep
201         );
202
203         /*
204          * Lookup functions
205          */
206
            /*
             * Levels of winbind_lookup(); each level pairs one arm of
             * winbind_lookup_req with one arm of winbind_lookup_rep.
             *
             * Note for the whole lookup section: every dom_sid pointer whose
             * [ref] attribute is still commented out as TODO is unique under
             * the interface's pointer_default. The peer can therefore send it
             * as NULL, and handlers have to NULL-check it before use until
             * [ref] is enabled.
             */
207         typedef [v1_enum] enum {
208                 WINBIND_LOOKUP_LEVEL_SID2NAME           = 1,
209                 WINBIND_LOOKUP_LEVEL_NAME2SID           = 2,
210                 WINBIND_LOOKUP_LEVEL_RIDS2NAMES         = 3,
211                 WINBIND_LOOKUP_LEVEL_SID2USERINFO       = 4,
212                 WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS      = 5,
213                 WINBIND_LOOKUP_LEVEL_EXPANDALIASES      = 6
214         } winbind_lookup_level;
215
            /*
             * Request for RIDS2NAMES: a domain SID plus an inline array of RIDs.
             * num_rids comes from the peer; the handler should cap it before it
             * sizes any reply or issues lookups for it.
             */
216         struct winbind_lookup_req_rids {
217 /*TODO          [ref]*/ dom_sid *domain_sid;
218                 uint32 num_rids;
219                 uint32 rids[num_rids];
220         };
221
            /* One resolved name: domain, account and SID type. */
222         struct winbind_lookup_name_info {
223                 [string,charset(UTF8)] uint8 domain_name[];
224                 [string,charset(UTF8)] uint8 account_name[];
225                 lsa_SidType type;
226         };
227
            /* One SID with its type; sid may be NULL while [ref] is TODO. */
228         struct winbind_lookup_sid_info {
229 /*TODO          [ref]*/ dom_sid *sid;
230                 lsa_SidType type;
231         };
232
            /* Counted inline array of resolved names. */
233         struct winbind_lookup_name_info_array {
234                 uint32 num_names;
235                 struct winbind_lookup_name_info names[num_names];
236         };
237
            /*
             * Passwd-style record for one user. NOTE(review): homedir and shell
             * presumably end up in NSS results on the client; a client that
             * consumes them trusts the server for what path and program a login
             * uses - confirm.
             */
238         struct winbind_lookup_user_info {
239                 [string,charset(UTF8)] uint8 account[];
240                 [string,charset(UTF8)] uint8 gecos[];
241                 [string,charset(UTF8)] uint8 homedir[];
242                 [string,charset(UTF8)] uint8 shell[];
243                 hyper primary_gid;
244                 uint32 primary_rid;
245         };
246
            /* Counted inline array of SIDs; used in requests and in replies. */
247         struct winbind_lookup_sid_info_array {
248                 uint32 num_sids;
249                 struct winbind_lookup_sid_info sids[num_sids];
250         };
251
            /*
             * Request union. The [default] arm is empty, so an unknown level
             * reaches the handler with no payload and has to be rejected there.
             */
252         typedef [switch_type(winbind_lookup_level)] union {
253         [case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
254 /*TODO          [ref]*/ dom_sid *sid;
255         [case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
256                 [string,charset(UTF8)] uint8 name[];
257         [case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
258                 struct winbind_lookup_req_rids rids;
259         [case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
260 /*TODO          [ref]*/ dom_sid *sid;
261         [case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
262 /*TODO          [ref]*/ dom_sid *sid;
263         [case(WINBIND_LOOKUP_LEVEL_EXPANDALIASES)]
264                 struct winbind_lookup_sid_info_array sid_array;
265         [default];
266         } winbind_lookup_req;
267
            /* Reply union; SID2DOMGROUPS and EXPANDALIASES both return a SID array. */
268         typedef [switch_type(winbind_lookup_level)] union {
269         [case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
270                 struct winbind_lookup_name_info name_info;
271         [case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
272                 struct winbind_lookup_sid_info sid_info;
273         [case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
274                 struct winbind_lookup_name_info_array name_array;
275         [case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
276                 struct winbind_lookup_user_info user_info;
277         [case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
278                 struct winbind_lookup_sid_info_array sid_array;
279         [case(WINBIND_LOOKUP_LEVEL_EXPANDALIASES)]
280                 struct winbind_lookup_sid_info_array sid_array;
281         [default];
282         } winbind_lookup_rep;
283
            /*
             * Resolve names, SIDs and RIDs.
             *   level: [in] selects the arm of req and rep.
             *   req:   [in] query in the layout chosen by *level.
             *   rep:   [out] result in the layout chosen by *level.
             */
284         winbind_status winbind_lookup(
285                 [in] winbind_lookup_level *level,
286                 [in,switch_is(*level)] winbind_lookup_req req,
287                 [out,switch_is(*level)] winbind_lookup_rep *rep
288         );
289
290         /*
291          * SID conversion
292          */
            /* Direction of a single SID <-> unix id translation. */
293         typedef [v1_enum] enum {
294                 WINBIND_IDMAP_LEVEL_SID_TO_UID          = 1,
295                 WINBIND_IDMAP_LEVEL_SID_TO_GID          = 2,
296                 WINBIND_IDMAP_LEVEL_UID_TO_SID          = 3,
297                 WINBIND_IDMAP_LEVEL_GID_TO_SID          = 4
298         } winbind_get_idmap_level;
299
            /*
             * Request union. Unlike the auth, trust and lookup unions it has no
             * [default] arm. NOTE(review): with pidl a level outside the listed
             * cases should then fail while the message is marshalled instead of
             * reaching the handler - confirm.
             * uid and gid are 64-bit (hyper). The sid pointers are unique while
             * [ref] is TODO and may arrive as NULL.
             */
300         typedef [switch_type(winbind_get_idmap_level)] union {
301         [case(WINBIND_IDMAP_LEVEL_SID_TO_UID)]
302 /*TODO          [ref]*/ dom_sid *sid;
303         [case(WINBIND_IDMAP_LEVEL_SID_TO_GID)]
304 /*TODO          [ref]*/ dom_sid *sid;
305         [case(WINBIND_IDMAP_LEVEL_UID_TO_SID)]
306                 hyper uid;
307         [case(WINBIND_IDMAP_LEVEL_GID_TO_SID)]
308                 hyper gid;
309         } winbind_get_idmap_req;
310
            /*
             * Reply union, the mirror image of the request. A client that
             * narrows the 64-bit uid/gid to its native uid_t/gid_t should check
             * the range first, so that an oversized value cannot wrap into a
             * different id.
             */
311         typedef [switch_type(winbind_get_idmap_level)] union {
312         [case(WINBIND_IDMAP_LEVEL_SID_TO_UID)]
313                 hyper uid;
314         [case(WINBIND_IDMAP_LEVEL_SID_TO_GID)]
315                 hyper gid;
316         [case(WINBIND_IDMAP_LEVEL_UID_TO_SID)]
317 /*TODO          [ref]*/ dom_sid *sid;
318         [case(WINBIND_IDMAP_LEVEL_GID_TO_SID)]
319 /*TODO          [ref]*/ dom_sid *sid;
320         } winbind_get_idmap_rep;
321
            /*
             * Translate one SID to a unix id or back.
             *   level: [in,out] selects the arm of req and rep; because it is
             *          also an output, the level used for rep is the one the
             *          server sends back.
             *   req:   [in] value to translate.
             *   rep:   [out] translated value.
             */
322         winbind_status winbind_get_idmap(
323                 [in,out] winbind_get_idmap_level *level,
324                 [in,switch_is(*level)] winbind_get_idmap_req req,
325                 [out,switch_is(*level)] winbind_get_idmap_rep *rep
326         );
327
            /*
             * Levels of winbind_set_idmap(). NOTE(review): going by the names,
             * all four change id-mapping state (allocate a new uid/gid, store a
             * mapping, set a high-water mark). A forged mapping changes which
             * unix identity a SID resolves to, so these should only be honoured
             * for privileged callers; this file does not express that
             * restriction - confirm it is enforced in the server.
             */
328         typedef [v1_enum] enum {
329                 WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID            = 1,
330                 WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID            = 2,
331                 WINBIND_SET_IDMAP_LEVEL_SET_MAPPING             = 3,
332                 WINBIND_SET_IDMAP_LEVEL_SET_HWM                 = 4
333         } winbind_set_idmap_level;
334
            /*
             * Request union: the allocate levels carry no data. id_map and
             * unixid are not defined in this file. There is no [default] arm.
             */
335         typedef [switch_type(winbind_set_idmap_level)] union {
336         [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID)];
337         [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID)];
338         [case(WINBIND_SET_IDMAP_LEVEL_SET_MAPPING)]
339                 id_map mapping;
340         [case(WINBIND_SET_IDMAP_LEVEL_SET_HWM)]
341                 unixid hwm;
342         } winbind_set_idmap_req;
343
            /*
             * Reply union: only the allocate levels return data, a 64-bit id.
             * There is no [default] arm.
             */
344         typedef [switch_type(winbind_set_idmap_level)] union {
345         [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID)]
346                 hyper uid;
347         [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID)]
348                 hyper gid;
349         [case(WINBIND_SET_IDMAP_LEVEL_SET_MAPPING)];
350         [case(WINBIND_SET_IDMAP_LEVEL_SET_HWM)];
351         } winbind_set_idmap_rep;
352
            /*
             * Change id-mapping state.
             *   level: [in,out] selects the arm of req and rep.
             *   req:   [in] mapping or high-water mark to store, if any.
             *   rep:   [out] allocated id, if any.
             */
353         winbind_status winbind_set_idmap(
354                 [in,out] winbind_set_idmap_level *level,
355                 [in,switch_is(*level)] winbind_set_idmap_req req,
356                 [out,switch_is(*level)] winbind_set_idmap_rep *rep
357         );
358
359         /* Various bits of info.  Currently just tidbits */
360         winbind_status winbind_info_fixname(/*TODO*/);
361         /* The domain this winbind server is a member of (lp_workgroup()) */
362         winbind_status winbind_domain_name(/*TODO*/);
363
            /*
             * Levels of winbind_get_domain_info(): COMPAT returns a
             * struct winbind_domain_info_compat, SEQNUM a 64-bit sequence number.
             */
364         typedef [v1_enum] enum {
365                 WINBIND_DOMAIN_INFO_LEVEL_COMPAT = 1,
366                 WINBIND_DOMAIN_INFO_LEVEL_SEQNUM = 2
367         } winbind_domain_info_level;
368
            /* Reply union of winbind_get_domain_info(); it has no [default] arm. */
369         typedef [switch_type(winbind_domain_info_level)] union {
370         [case(WINBIND_DOMAIN_INFO_LEVEL_COMPAT)]
371                 struct winbind_domain_info_compat compat;
372         [case(WINBIND_DOMAIN_INFO_LEVEL_SEQNUM)]
373                 hyper seqnum;
374         } winbind_domain_info;
375
            /*
             * Query information about one domain.
             *   domain_name: [in] UTF-8 name of the domain.
             *   dc_name:     [in] optional (unique) UTF-8 name; may be NULL.
             *                NOTE(review): presumably a specific DC to ask; if
             *                so, a caller-chosen server name decides where the
             *                daemon connects and deserves validation - confirm.
             *   level:       [in,out] selects the arm of domain_info.
             *   domain_info: [out] result in the layout chosen by *level.
             */
376         winbind_status winbind_get_domain_info(
377                 [in,string,charset(UTF8)] uint8 domain_name[],
378                 [in,unique,string,charset(UTF8)] uint8 *dc_name,
379                 [in,out] winbind_domain_info_level *level,
380                 [out,switch_is(*level)] winbind_domain_info *domain_info
381         );
382
383         /* Issue a GetDCName or DsGetDCName Request */
384         typedef [v1_enum] enum {
385                 WINBIND_DC_INFO_LEVEL_COMPAT_NT4        = 1,
386                 WINBIND_DC_INFO_LEVEL_COMPAT_DS         = 2
387         } winbind_dc_info_level;
388
            /*
             * Request parameters: only COMPAT_DS carries data, a 32-bit flags
             * word whose bits are not defined in this file.
             */
389         typedef [switch_type(winbind_dc_info_level)] union {
390         [case(WINBIND_DC_INFO_LEVEL_COMPAT_NT4)];
391         [case(WINBIND_DC_INFO_LEVEL_COMPAT_DS)]
392                 uint32 flags;
393         } winbind_dc_info_params;
394
            /* Reply: a UTF-8 name for both levels; unique pointer, may be NULL. */
395         typedef [switch_type(winbind_dc_info_level)] union {
396         [case(WINBIND_DC_INFO_LEVEL_COMPAT_NT4)]
397                 [string,charset(UTF8)] uint8 *name;
398         [case(WINBIND_DC_INFO_LEVEL_COMPAT_DS)]
399                 [string,charset(UTF8)] uint8 *name;
400         } winbind_dc_info;
401
            /*
             * Ask for a domain controller name.
             *   domain_name: [in] UTF-8 name of the domain.
             *   level:       [in,out] selects the arm of params and dc_info.
             *   params:      [in] request parameters for *level.
             *   dc_info:     [out] result in the layout chosen by *level.
             */
402         winbind_status winbind_get_dc_info(
403                 [in,string,charset(UTF8)] uint8 domain_name[],
404                 [in,out] winbind_dc_info_level *level,
405                 [in,switch_is(*level)] winbind_dc_info_params params,
406                 [out,switch_is(*level)] winbind_dc_info *dc_info
407         );
408
            /*
             * Everything from here to the end of the interface is a placeholder:
             * the parameter lists are still TODO, so no wire format is defined
             * for these operations yet.
             */
409         /*
410          * WINS commands
411          */
412
413         winbind_status winbind_wins_byip(/*TODO*/);
414         winbind_status winbind_wins_byname(/*TODO*/);
415
416         /* this is like GETGRENT but gives an empty group list */
417         winbind_status winbind_getgrlist(/*TODO*/);
418
419         /* The netbios name of the server */
420         winbind_status winbind_netbios_name(/*TODO*/);
421
422
423         /* return a list of group sids for a user sid */
424         winbind_status winbind_getusersids(/*TODO*/);
425
426         /* Various group queries */
427         winbind_status winbind_getuserdomgroups(/*TODO*/);
428
429         /*
430          * Wrapper around possibly blocking unix nss calls
431          */
432
433         winbind_status winbind_dual_userinfo(/*TODO*/);
434         winbind_status winbind_dual_getsidaliases(/*TODO*/);
435
436         /*
437          * Complete the challenge phase of the NTLM authentication
438          * protocol using cached password.
439          */
            /*
             * NOTE(review): this operation acts on a stored credential on behalf
             * of the caller. Once its arguments are defined, the server has to
             * tie the cached entry to the identity of the connecting process
             * (peer credentials of the socket), not to a uid or name taken from
             * the request - confirm.
             */
440         winbind_status winbind_ccache_ntlmauth(/*TODO*/);
441 }