2 * Winbind (NDR-based) Protocol
5 import "security.idl", "lsa.idl";
7 [ uuid("b6608c99-0407-401b-96d3-7bcda67232af"),
9 pointer_default(unique)
10 ] interface winbind_protocol
/* Local alias so lsa_SidType (presumably declared in the imported lsa.idl) can be used without the enum keyword. */
12 typedef enum lsa_SidType lsa_SidType;
/*
 * Message length ceilings, one per privilege level:
 *   privileged   0x0FFFFFFF (just under 256 MiB)
 *   unprivileged 0x00020000 (128 KiB)
 * NOTE(review): nothing in this listing shows where the ceilings are applied.
 * Confirm the receiver compares the length announced on the wire against the
 * ceiling for the connection's privilege level before it allocates or reads
 * the message body, so an unprivileged client cannot force a large allocation.
 */
14 const uint32 WINBIND_MAX_LENGTH_PRIVILEGED = 0x0FFFFFFF;
15 const uint32 WINBIND_MAX_LENGTH_UNPRIVILEGED = 0x00020000;
/*
 * Status codes for this interface; presumably the winbind_status type that
 * the winbind_ procedures of this interface return. v1_enum marshals the
 * value as 32 bits. Zero means success; each error value carries 0x5742
 * (ASCII "WB") in its upper 16 bits and a running number in the lower 16.
 */
17 typedef [public,v1_enum] enum {
18 WINBIND_STATUS_OK = 0x00000000,
19 WINBIND_STATUS_UNKNOWN_ERROR = 0x57420001,
20 WINBIND_STATUS_NOT_IMPLEMENTED = 0x57420002,
21 WINBIND_STATUS_NOT_SUPPORTED = 0x57420003,
22 WINBIND_STATUS_NO_MEMORY = 0x57420004,
23 WINBIND_STATUS_INVALID_PARAMETER = 0x57420005,
24 WINBIND_STATUS_INVALID_LEVEL = 0x57420006,
25 WINBIND_STATUS_UNKNOWN_LEVEL = 0x57420007,
26 WINBIND_STATUS_DOMAIN_OFFLINE = 0x57420008
/*
 * Alias with the same numeric value as WINBIND_STATUS_UNKNOWN_ERROR
 * (0x57420001), so a receiver cannot tell the two apart.
 */
29 const uint32 WINBIND_STATUS_FOOBAR = WINBIND_STATUS_UNKNOWN_ERROR;
/* Header version field, 16 bits wide; 0x0001 is the only value defined. */
31 typedef [bitmap16bit] bitmap {
32 WINBIND_HEADER_VERSION = 0x0001
33 } winbind_header_version;
/* Header flag bits, 32 bits wide: bit 0 marks a response, bit 1 marks an error. */
35 typedef [bitmap32bit] bitmap {
36 WINBIND_HEADER_FLAGS_RESPONSE = 0x00000001,
37 WINBIND_HEADER_FLAGS_ERROR = 0x00000002
38 } winbind_header_flags;
/* 0x10 = 16; presumably the marshalled size of winbind_header in bytes. */
40 const uint32 WINBIND_HEADER_SIZE = 0x10;
/*
 * Message header. The members visible here are a 4-byte magic, the 16-bit
 * version and the 32-bit flags.
 * NOTE(review): value() supplies what the sender marshals ("WBPT" and
 * WINBIND_HEADER_VERSION). Confirm the receiving side compares magic and
 * version itself after unmarshalling and rejects a mismatch before it acts
 * on anything else in the message.
 */
41 [public] struct winbind_header {
43 [charset(DOS),value("WBPT")] uint8 magic[4];
44 [value(WINBIND_HEADER_VERSION)] winbind_header_version version;
46 winbind_header_flags flags;
50 * Just tell me winbindd is running
/* Liveness probe: takes no arguments and returns only a status. */
52 winbind_status winbind_ping();
55 * - Get the interface version
56 * - Find the location of the privileged pipe
/*
 * Argument list is still a TODO placeholder.
 * NOTE(review): any client can ask where the privileged pipe lives, so
 * access to that pipe has to be enforced on the pipe itself (presumably
 * filesystem permissions -- confirm), not by keeping its location private.
 */
58 winbind_status winbind_interface_details(/*TODO*/);
61 * Get users and groups
/*
 * Counterparts of the libc passwd/group lookups (getpwnam, getpwuid,
 * getgrnam, getgrgid, getgroups). Every argument list is still a TODO
 * placeholder, so no request or reply layout is defined yet.
 */
63 winbind_status winbind_getpwnam(/*TODO*/);
64 winbind_status winbind_getpwuid(/*TODO*/);
66 winbind_status winbind_getgrnam(/*TODO*/);
67 winbind_status winbind_getgrgid(/*TODO*/);
69 winbind_status winbind_getgroups(/*TODO*/);
72 * Enumerate users and groups
/*
 * setpwent/getpwent/endpwent and setgrent/getgrent/endgrent triples;
 * argument lists are still TODO placeholders.
 * NOTE(review): this call shape presumably keeps an enumeration cursor per
 * client between calls. Confirm that state is released when a client goes
 * away without calling the matching end call.
 */
74 winbind_status winbind_setpwent(/*TODO*/);
75 winbind_status winbind_endpwent(/*TODO*/);
76 winbind_status winbind_getpwent(/*TODO*/);
78 winbind_status winbind_setgrent(/*TODO*/);
79 winbind_status winbind_endgrent(/*TODO*/);
80 winbind_status winbind_getgrent(/*TODO*/);
83 * PAM authenticate and password change
/*
 * Authentication, password change and logoff entry points; every argument
 * list is still a TODO placeholder.
 * NOTE(review): these calls will presumably carry passwords or
 * challenge/response blobs once defined. When the signatures are filled in,
 * give every credential buffer an explicit length bound and keep the
 * credential fields out of any debug output produced from the marshalled
 * request.
 */
85 winbind_status winbind_pam_auth(/*TODO*/);
86 winbind_status winbind_pam_auth_crap(/*TODO*/);
87 winbind_status winbind_pam_chauthtok(/*TODO*/);
88 winbind_status winbind_pam_logoff(/*TODO*/);
89 winbind_status winbind_pam_chng_paswd_auth_crap(/*TODO*/);
95 /* List users without rid->id mapping; argument list is still a TODO placeholder */
96 winbind_status winbind_list_users(/*TODO*/);
98 /* List groups without rid->id mapping; argument list is still a TODO placeholder */
99 winbind_status winbind_list_groups(/*TODO*/);
/* Selects the operation winbind_trust performs; marshalled as 32 bits (v1_enum). */
101 typedef [v1_enum] enum {
102 WINBIND_TRUST_LEVEL_COMPAT_LIST = 1,
103 WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC = 2
104 } winbind_trust_level;
106 /* Most of what we know from struct winbind_domain */
107 struct winbind_domain_info_compat {
108 [string,charset(UTF8)] uint8 netbios_name[];
/* Pointer member: under the interface-wide pointer_default(unique) it may be NULL, so readers must check it before use. */
109 [string,charset(UTF8)] uint8 *dns_name;
111 boolean32 is_native_mode;
112 boolean32 is_active_directory;
113 boolean32 is_primary;
/* Array of domain records sized by num_domains (the declaration of num_domains is not visible in this listing). */
116 struct winbind_domain_info_compat_array {
118 struct winbind_domain_info_compat domains[num_domains];
/* Request union (presumably winbind_trust_req, the type of req below): neither level carries request data. */
121 typedef [switch_type(winbind_trust_level)] union {
122 [case(WINBIND_TRUST_LEVEL_COMPAT_LIST)];
123 [case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
/*
 * Reply union (presumably winbind_trust_rep, the type of rep below):
 * COMPAT_LIST returns the domain array, COMPAT_CHECK_MACHCC returns no data
 * beyond the status.
 */
127 typedef [switch_type(winbind_trust_level)] union {
128 [case(WINBIND_TRUST_LEVEL_COMPAT_LIST)]
129 struct winbind_domain_info_compat_array compat_trusts;
130 [case(WINBIND_TRUST_LEVEL_COMPAT_CHECK_MACHCC)];
/*
 * Trust query. level is [in]; req and rep are both discriminated by *level.
 * NOTE(review): neither union shows a default arm in this listing. Confirm
 * that a level outside the enum sent by the client is rejected
 * (WINBIND_STATUS_INVALID_LEVEL and WINBIND_STATUS_UNKNOWN_LEVEL exist for
 * this) instead of reaching a handler.
 */
134 winbind_status winbind_trust(
135 [in] winbind_trust_level *level,
136 [in,switch_is(*level)] winbind_trust_req req,
137 [out,switch_is(*level)] winbind_trust_rep *rep
/* Selects the lookup that winbind_lookup performs; marshalled as 32 bits (v1_enum). */
144 typedef [v1_enum] enum {
145 WINBIND_LOOKUP_LEVEL_SID2NAME = 1,
146 WINBIND_LOOKUP_LEVEL_NAME2SID = 2,
147 WINBIND_LOOKUP_LEVEL_RIDS2NAMES = 3,
148 WINBIND_LOOKUP_LEVEL_SID2USERINFO = 4,
149 WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS = 5
150 } winbind_lookup_level;
/*
 * Request body for WINBIND_LOOKUP_LEVEL_RIDS2NAMES: a domain SID pointer plus
 * an array of RIDs sized by num_rids.
 * NOTE(review): this is request data, so num_rids comes from the client, and
 * its declaration is not visible in this listing. Confirm it carries an
 * upper bound (pidl's range() attribute, or a check in the handler) so one
 * request cannot ask for an arbitrarily large batch.
 */
152 struct winbind_lookup_req_rids {
153 /*TODO [ref]*/ dom_sid *domain_sid;
155 uint32 rids[num_rids];
/*
 * Request union, discriminated by winbind_lookup_level.
 * Every dom_sid member is a plain pointer, so the interface-wide
 * pointer_default(unique) applies until the TODO turns it into [ref]: a
 * client may send NULL, and handlers must check before dereferencing.
 */
158 typedef [switch_type(winbind_lookup_level)] union {
159 [case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
160 /*TODO [ref]*/ dom_sid *sid;
161 [case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
162 [string,charset(UTF8)] uint8 name[];
163 [case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
164 struct winbind_lookup_req_rids rids;
165 [case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
166 /*TODO [ref]*/ dom_sid *sid;
167 [case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
168 /*TODO [ref]*/ dom_sid *sid;
170 } winbind_lookup_req;
/* One resolved name: domain and account as UTF-8 strings. */
172 struct winbind_lookup_name_info {
173 [string,charset(UTF8)] uint8 domain_name[];
174 [string,charset(UTF8)] uint8 account_name[];
/* One resolved SID; the pointer may be NULL under pointer_default(unique) until the TODO makes it [ref]. */
178 struct winbind_lookup_sid_info {
179 /*TODO [ref]*/ dom_sid *sid;
/* Array of name records sized by num_names (declaration not visible in this listing). */
183 struct winbind_lookup_name_info_array {
185 struct winbind_lookup_name_info names[num_names];
/*
 * passwd-style record returned for WINBIND_LOOKUP_LEVEL_SID2USERINFO; the
 * members visible here are account, gecos, homedir and shell as UTF-8
 * strings.
 */
188 struct winbind_lookup_user_info {
189 [string,charset(UTF8)] uint8 account[];
190 [string,charset(UTF8)] uint8 gecos[];
191 [string,charset(UTF8)] uint8 homedir[];
192 [string,charset(UTF8)] uint8 shell[];
/* Array of SID records sized by num_sids (declaration not visible in this listing). */
197 struct winbind_lookup_sid_info_array {
199 struct winbind_lookup_sid_info sids[num_sids];
/* Reply union: one arm per lookup level, each returning the record type that matches the request. */
202 typedef [switch_type(winbind_lookup_level)] union {
203 [case(WINBIND_LOOKUP_LEVEL_SID2NAME)]
204 struct winbind_lookup_name_info name_info;
205 [case(WINBIND_LOOKUP_LEVEL_NAME2SID)]
206 struct winbind_lookup_sid_info sid_info;
207 [case(WINBIND_LOOKUP_LEVEL_RIDS2NAMES)]
208 struct winbind_lookup_name_info_array name_array;
209 [case(WINBIND_LOOKUP_LEVEL_SID2USERINFO)]
210 struct winbind_lookup_user_info user_info;
211 [case(WINBIND_LOOKUP_LEVEL_SID2DOMGROUPS)]
212 struct winbind_lookup_sid_info_array sid_array;
214 } winbind_lookup_rep;
/*
 * Lookup entry point. level is [in]; req and rep are both discriminated by
 * *level.
 * NOTE(review): no default arm is visible in either union. Confirm a level
 * outside the enum is rejected before any handler runs.
 */
216 winbind_status winbind_lookup(
217 [in] winbind_lookup_level *level,
218 [in,switch_is(*level)] winbind_lookup_req req,
219 [out,switch_is(*level)] winbind_lookup_rep *rep
/* Direction of an id-mapping query; marshalled as 32 bits (v1_enum). */
225 typedef [v1_enum] enum {
226 WINBIND_IDMAP_LEVEL_SID_TO_UID = 1,
227 WINBIND_IDMAP_LEVEL_SID_TO_GID = 2,
228 WINBIND_IDMAP_LEVEL_UID_TO_SID = 3,
229 WINBIND_IDMAP_LEVEL_GID_TO_SID = 4
230 } winbind_get_idmap_level;
/*
 * Request union. The two SID_TO levels carry a dom_sid pointer; the members
 * of the UID_TO_SID and GID_TO_SID arms are not visible in this listing.
 * The sid pointers fall under the interface-wide pointer_default(unique)
 * until the TODO makes them [ref], so a NULL sid from the client has to be
 * handled.
 */
232 typedef [switch_type(winbind_get_idmap_level)] union {
233 [case(WINBIND_IDMAP_LEVEL_SID_TO_UID)]
234 /*TODO [ref]*/ dom_sid *sid;
235 [case(WINBIND_IDMAP_LEVEL_SID_TO_GID)]
236 /*TODO [ref]*/ dom_sid *sid;
237 [case(WINBIND_IDMAP_LEVEL_UID_TO_SID)]
239 [case(WINBIND_IDMAP_LEVEL_GID_TO_SID)]
241 } winbind_get_idmap_req;
/*
 * Reply union. The UID_TO_SID and GID_TO_SID levels return a dom_sid pointer;
 * the members of the two SID_TO arms are not visible in this listing.
 */
243 typedef [switch_type(winbind_get_idmap_level)] union {
244 [case(WINBIND_IDMAP_LEVEL_SID_TO_UID)]
246 [case(WINBIND_IDMAP_LEVEL_SID_TO_GID)]
248 [case(WINBIND_IDMAP_LEVEL_UID_TO_SID)]
249 /*TODO [ref]*/ dom_sid *sid;
250 [case(WINBIND_IDMAP_LEVEL_GID_TO_SID)]
251 /*TODO [ref]*/ dom_sid *sid;
252 } winbind_get_idmap_rep;
/*
 * Id-mapping query. level is [in,out]; req and rep are both discriminated by
 * *level.
 * NOTE(review): because level also travels back and selects the reply arm,
 * confirm the client checks that the returned level equals the one it asked
 * for before it reads rep.
 */
254 winbind_status winbind_get_idmap(
255 [in,out] winbind_get_idmap_level *level,
256 [in,switch_is(*level)] winbind_get_idmap_req req,
257 [out,switch_is(*level)] winbind_get_idmap_rep *rep
/*
 * Operations that change id-mapping state: allocate a uid, allocate a gid,
 * set a mapping, set the HWM. Marshalled as 32 bits (v1_enum).
 */
260 typedef [v1_enum] enum {
261 WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID = 1,
262 WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID = 2,
263 WINBIND_SET_IDMAP_LEVEL_SET_MAPPING = 3,
264 WINBIND_SET_IDMAP_LEVEL_SET_HWM = 4
265 } winbind_set_idmap_level;
/*
 * Request union. The two ALLOCATE levels carry no request data; the members
 * of the SET_MAPPING and SET_HWM arms are not visible in this listing.
 */
267 typedef [switch_type(winbind_set_idmap_level)] union {
268 [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID)];
269 [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID)];
270 [case(WINBIND_SET_IDMAP_LEVEL_SET_MAPPING)]
272 [case(WINBIND_SET_IDMAP_LEVEL_SET_HWM)]
274 } winbind_set_idmap_req;
/*
 * Reply union. SET_MAPPING and SET_HWM return no data beyond the status; the
 * members of the two ALLOCATE arms are not visible in this listing.
 */
276 typedef [switch_type(winbind_set_idmap_level)] union {
277 [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_UID)]
279 [case(WINBIND_SET_IDMAP_LEVEL_ALLOCATE_GID)]
281 [case(WINBIND_SET_IDMAP_LEVEL_SET_MAPPING)];
282 [case(WINBIND_SET_IDMAP_LEVEL_SET_HWM)];
283 } winbind_set_idmap_rep;
/*
 * Id-mapping update. level is [in,out]; req and rep are both discriminated
 * by *level.
 * NOTE(review): every level here modifies mapping or allocator state.
 * Presumably the call is meant for the privileged pipe only; confirm the
 * handler refuses it from unprivileged connections.
 */
285 winbind_status winbind_set_idmap(
286 [in,out] winbind_set_idmap_level *level,
287 [in,switch_is(*level)] winbind_set_idmap_req req,
288 [out,switch_is(*level)] winbind_set_idmap_rep *rep
291 /* Various bits of info. Currently just tidbits; argument lists are still TODO placeholders */
292 winbind_status winbind_info_fixname(/*TODO*/);
293 /* The domain this winbind server is a member of (lp_workgroup()) */
294 winbind_status winbind_domain_name(/*TODO*/);
/* Selects which kind of domain information is returned; marshalled as 32 bits (v1_enum). */
296 typedef [v1_enum] enum {
297 WINBIND_DOMAIN_INFO_LEVEL_COMPAT = 1,
298 WINBIND_DOMAIN_INFO_LEVEL_SEQNUM = 2
299 } winbind_domain_info_level;
/*
 * Reply union. COMPAT returns a winbind_domain_info_compat record; the member
 * of the SEQNUM arm is not visible in this listing.
 */
301 typedef [switch_type(winbind_domain_info_level)] union {
302 [case(WINBIND_DOMAIN_INFO_LEVEL_COMPAT)]
303 struct winbind_domain_info_compat compat;
304 [case(WINBIND_DOMAIN_INFO_LEVEL_SEQNUM)]
306 } winbind_domain_info;
/*
 * Domain information query.
 *   domain_name  UTF-8 string, always present.
 *   dc_name      UTF-8 string behind an explicitly unique pointer, so it may
 *                be NULL and the handler must check it before use.
 *   level        [in,out]; selects the arm of domain_info in the reply.
 * NOTE(review): confirm the client checks that the returned level equals the
 * one it requested before it reads domain_info.
 */
308 winbind_status winbind_get_domain_info(
309 [in,string,charset(UTF8)] uint8 domain_name[],
310 [in,unique,string,charset(UTF8)] uint8 *dc_name,
311 [in,out] winbind_domain_info_level *level,
312 [out,switch_is(*level)] winbind_domain_info *domain_info
315 /* Issue a GetDCName or DsGetDCName Request */
316 typedef [v1_enum] enum {
317 WINBIND_DC_INFO_LEVEL_COMPAT_NT4 = 1,
318 WINBIND_DC_INFO_LEVEL_COMPAT_DS = 2
319 } winbind_dc_info_level;
/*
 * Request parameters per level. COMPAT_NT4 carries none; the member of the
 * COMPAT_DS arm is not visible in this listing.
 */
321 typedef [switch_type(winbind_dc_info_level)] union {
322 [case(WINBIND_DC_INFO_LEVEL_COMPAT_NT4)];
323 [case(WINBIND_DC_INFO_LEVEL_COMPAT_DS)]
325 } winbind_dc_info_params;
/*
 * Reply union (presumably winbind_dc_info, the type of dc_info below): both
 * levels return a UTF-8 name behind a pointer, which may be NULL under the
 * interface-wide pointer_default(unique).
 */
327 typedef [switch_type(winbind_dc_info_level)] union {
328 [case(WINBIND_DC_INFO_LEVEL_COMPAT_NT4)]
329 [string,charset(UTF8)] uint8 *name;
330 [case(WINBIND_DC_INFO_LEVEL_COMPAT_DS)]
331 [string,charset(UTF8)] uint8 *name;
/*
 * DC name query for domain_name. level is [in,out]; params and dc_info are
 * both discriminated by *level.
 * NOTE(review): confirm a level outside the enum is rejected before a
 * handler runs, and that the client checks the returned level before it
 * reads dc_info.
 */
334 winbind_status winbind_get_dc_info(
335 [in,string,charset(UTF8)] uint8 domain_name[],
336 [in,out] winbind_dc_info_level *level,
337 [in,switch_is(*level)] winbind_dc_info_params params,
338 [out,switch_is(*level)] winbind_dc_info *dc_info
/* WINS queries by address and by name; argument lists are still TODO placeholders. */
345 winbind_status winbind_wins_byip(/*TODO*/);
346 winbind_status winbind_wins_byname(/*TODO*/);
348 /* this is like GETGRENT but gives an empty group list */
349 winbind_status winbind_getgrlist(/*TODO*/);
351 /* The netbios name of the server */
352 winbind_status winbind_netbios_name(/*TODO*/);
355 /* return a list of group sids for a user sid */
356 winbind_status winbind_getusersids(/*TODO*/);
358 /* Various group queries */
359 winbind_status winbind_getuserdomgroups(/*TODO*/);
362 * Wrapper around possibly blocking unix nss calls
365 winbind_status winbind_dual_userinfo(/*TODO*/);
366 winbind_status winbind_dual_getsidaliases(/*TODO*/);
369 * Complete the challenge phase of the NTLM authentication
370 * protocol using cached password.
/*
 * NOTE(review): the argument list is still a TODO placeholder. Because this
 * call answers an NTLM challenge with a password the server has cached, the
 * eventual handler has to establish whose cached credentials the caller may
 * use (presumably by checking the identity of the connecting user; confirm
 * when the signature is defined).
 */
372 winbind_status winbind_ccache_ntlmauth(/*TODO*/);