2 Unix SMB/CIFS implementation.
6 Copyright (C) Gerald (Jerry) Carter 2007
8 This library is free software; you can redistribute it and/or
9 modify it under the terms of the GNU Lesser General Public
10 License as published by the Free Software Foundation; either
11 version 3 of the License, or (at your option) any later version.
13 This library is distributed in the hope that it will be useful,
14 but WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Library General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with this program. If not, see <http://www.gnu.org/licenses/>.
28 /* Define error types */
31 * @brief Status codes returned from wbc functions
35 WBC_ERR_SUCCESS = 0, /**< Successful completion **/
36 WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/
37 WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/
38 WBC_ERR_NO_MEMORY, /**< Memory allocation error **/
39 WBC_ERR_INVALID_SID, /**< Invalid SID format **/
40 WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/
41 WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/
42 WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/
43 WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/
44 WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/
45 WBC_ERR_AUTH_ERROR, /**< Authentication failed **/
46 WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */
47 WBC_ERR_UNKNOWN_GROUP, /**< Group account cannot be found */
48 WBC_ERR_PWD_CHANGE_FAILED /**< Password Change has failed */
51 typedef enum _wbcErrType wbcErr;
53 #define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)
55 const char *wbcErrorString(wbcErr error);
58 * @brief Some useful details about the wbclient library
60 * 0.1: Initial version
61 * 0.2: Added wbcRemoveUidMapping()
62 * Added wbcRemoveGidMapping()
63 * 0.3: Added wbcGetpwsid()
64 * Added wbcGetSidAliases()
66 #define WBCLIENT_MAJOR_VERSION 0
67 #define WBCLIENT_MINOR_VERSION 3
68 #define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
69 struct wbcLibraryDetails {
70 uint16_t major_version;
71 uint16_t minor_version;
72 const char *vendor_version;
76 * @brief Some useful details about the running winbindd
79 struct wbcInterfaceDetails {
80 uint32_t interface_version;
81 const char *winbind_version;
82 char winbind_separator;
83 const char *netbios_name;
84 const char *netbios_domain;
85 const char *dns_domain;
89 * Data types used by the Winbind Client API
92 #ifndef WBC_MAXSUBAUTHS
93 #define WBC_MAXSUBAUTHS 15 /* max sub authorities in a SID */
97 * @brief Windows Security Identifier
101 struct wbcDomainSid {
105 uint32_t sub_auths[WBC_MAXSUBAUTHS];
109 * @brief Security Identifier type
113 WBC_SID_NAME_USE_NONE=0,
115 WBC_SID_NAME_DOM_GRP=2,
116 WBC_SID_NAME_DOMAIN=3,
117 WBC_SID_NAME_ALIAS=4,
118 WBC_SID_NAME_WKN_GRP=5,
119 WBC_SID_NAME_DELETED=6,
120 WBC_SID_NAME_INVALID=7,
121 WBC_SID_NAME_UNKNOWN=8,
122 WBC_SID_NAME_COMPUTER=9
126 * @brief Security Identifier with attributes
129 struct wbcSidWithAttr {
130 struct wbcDomainSid sid;
134 /* wbcSidWithAttr->attributes */
136 #define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001
137 #define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002
138 #define WBC_SID_ATTR_GROUP_ENABLED 0x00000004
139 #define WBC_SID_ATTR_GROUP_OWNER 0x00000008
140 #define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010
141 #define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000
142 #define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000
145 * @brief Windows GUID
152 uint16_t time_hi_and_version;
153 uint8_t clock_seq[2];
158 * @brief Domain Information
161 struct wbcDomainInfo {
164 struct wbcDomainSid sid;
165 uint32_t domain_flags;
166 uint32_t trust_flags;
170 /* wbcDomainInfo->domain_flags */
172 #define WBC_DOMINFO_DOMAIN_UNKNOWN 0x00000000
173 #define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001
174 #define WBC_DOMINFO_DOMAIN_AD 0x00000002
175 #define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004
176 #define WBC_DOMINFO_DOMAIN_OFFLINE 0x00000008
178 /* wbcDomainInfo->trust_flags */
180 #define WBC_DOMINFO_TRUST_TRANSITIVE 0x00000001
181 #define WBC_DOMINFO_TRUST_INCOMING 0x00000002
182 #define WBC_DOMINFO_TRUST_OUTGOING 0x00000004
184 /* wbcDomainInfo->trust_type */
186 #define WBC_DOMINFO_TRUSTTYPE_NONE 0x00000000
187 #define WBC_DOMINFO_TRUSTTYPE_FOREST 0x00000001
188 #define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002
189 #define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003
192 * @brief Auth User Parameters
195 struct wbcAuthUserParams {
196 const char *account_name;
197 const char *domain_name;
198 const char *workstation_name;
202 uint32_t parameter_control;
204 enum wbcAuthUserLevel {
205 WBC_AUTH_USER_LEVEL_PLAIN = 1,
206 WBC_AUTH_USER_LEVEL_HASH = 2,
207 WBC_AUTH_USER_LEVEL_RESPONSE = 3
210 const char *plaintext;
216 uint8_t challenge[8];
226 * @brief Generic Blob
238 struct wbcNamedBlob {
245 * @brief Logon User Parameters
248 struct wbcLogonUserParams {
249 const char *username;
250 const char *password;
252 struct wbcNamedBlob *blobs;
256 * @brief ChangePassword Parameters
259 struct wbcChangePasswordParams {
260 const char *account_name;
261 const char *domain_name;
265 enum wbcChangePasswordLevel {
266 WBC_CHANGE_PASSWORD_LEVEL_PLAIN = 1,
267 WBC_CHANGE_PASSWORD_LEVEL_RESPONSE = 2
271 const char *plaintext;
273 uint32_t old_nt_hash_enc_length;
274 uint8_t *old_nt_hash_enc_data;
275 uint32_t old_lm_hash_enc_length;
276 uint8_t *old_lm_hash_enc_data;
280 const char *plaintext;
290 /* wbcAuthUserParams->parameter_control */
292 #define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002
293 #define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004
294 #define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008
295 #define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020
296 #define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200
297 #define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800
299 /* wbcAuthUserParams->flags */
301 #define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001
304 * @brief Auth User Information
306 * Some of the strings are maybe NULL
309 struct wbcAuthUserInfo {
313 char *user_principal;
316 char *dns_domain_name;
319 uint8_t user_session_key[16];
320 uint8_t lm_session_key[8];
322 uint16_t logon_count;
323 uint16_t bad_password_count;
326 uint64_t logoff_time;
327 uint64_t kickoff_time;
328 uint64_t pass_last_set_time;
329 uint64_t pass_can_change_time;
330 uint64_t pass_must_change_time;
335 char *home_directory;
339 * the 1st one is the account sid
340 * the 2nd one is the primary_group sid
341 * followed by the rest of the groups
344 struct wbcSidWithAttr *sids;
348 * @brief Logon User Information
350 * Some of the strings are maybe NULL
353 struct wbcLogonUserInfo {
354 struct wbcAuthUserInfo *info;
356 struct wbcNamedBlob *blobs;
359 /* wbcAuthUserInfo->user_flags */
361 #define WBC_AUTH_USER_INFO_GUEST 0x00000001
362 #define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002
363 #define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004
364 #define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008
365 #define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020
366 #define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040
367 #define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080
368 #define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100
369 #define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200
370 #define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400
371 #define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000
373 /* wbcAuthUserInfo->acct_flags */
375 #define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */
376 #define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */
377 #define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */
378 #define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */
379 #define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */
380 #define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */
381 #define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */
382 #define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */
383 #define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */
384 #define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */
385 #define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */
386 #define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encryped text password is allowed */
387 #define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */
388 #define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */
389 #define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */
390 #define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */
391 #define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */
392 #define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */
393 #define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */
395 struct wbcAuthErrorInfo {
399 char *display_string;
403 * @brief User Password Policy Information
406 /* wbcUserPasswordPolicyInfo->password_properties */
408 #define WBC_DOMAIN_PASSWORD_COMPLEX 0x00000001
409 #define WBC_DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002
410 #define WBC_DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004
411 #define WBC_DOMAIN_PASSWORD_LOCKOUT_ADMINS 0x00000008
412 #define WBC_DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010
413 #define WBC_DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020
415 struct wbcUserPasswordPolicyInfo {
416 uint32_t min_length_password;
417 uint32_t password_history;
418 uint32_t password_properties;
420 uint64_t min_passwordage;
424 * @brief Change Password Reject Reason
427 enum wbcPasswordChangeRejectReason {
428 WBC_PWD_CHANGE_REJECT_OTHER=0,
429 WBC_PWD_CHANGE_REJECT_TOO_SHORT=1,
430 WBC_PWD_CHANGE_REJECT_IN_HISTORY=2,
431 WBC_PWD_CHANGE_REJECT_COMPLEXITY=5
435 * @brief Logoff User Parameters
438 struct wbcLogoffUserParams {
439 const char *username;
441 struct wbcNamedBlob *blobs;
444 /** @brief Credential cache log-on parameters
448 struct wbcCredentialCacheParams {
449 const char *account_name;
450 const char *domain_name;
451 enum wbcCredentialCacheLevel {
452 WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1
455 struct wbcNamedBlob *blobs;
459 /** @brief Info returned by credential cache auth
463 struct wbcCredentialCacheInfo {
465 struct wbcNamedBlob *blobs;
469 * DomainControllerInfo struct
471 struct wbcDomainControllerInfo {
476 * DomainControllerInfoEx struct
478 struct wbcDomainControllerInfoEx {
480 const char *dc_address;
481 uint16_t dc_address_type;
482 struct wbcGuid *domain_guid;
483 const char *domain_name;
484 const char *forest_name;
486 const char *dc_site_name;
487 const char *client_site_name;
490 /**********************************************************
492 **********************************************************/
495 * @brief Free library allocated memory
497 * @param * Pointer to free
501 void wbcFreeMemory(void*);
505 * Utility functions for dealing with SIDs
509 * @brief Convert a binary SID to a character string
511 * @param sid Binary Security Identifier
512 * @param **sid_string Resulting character string
516 wbcErr wbcSidToString(const struct wbcDomainSid *sid,
520 * @brief Convert a character string to a binary SID
522 * @param *sid_string Character string in the form of S-...
523 * @param sid Resulting binary SID
527 wbcErr wbcStringToSid(const char *sid_string,
528 struct wbcDomainSid *sid);
531 * Utility functions for dealing with GUIDs
535 * @brief Convert a binary GUID to a character string
537 * @param guid Binary Guid
538 * @param **guid_string Resulting character string
542 wbcErr wbcGuidToString(const struct wbcGuid *guid,
546 * @brief Convert a character string to a binary GUID
548 * @param *guid_string Character string
549 * @param guid Resulting binary GUID
553 wbcErr wbcStringToGuid(const char *guid_string,
554 struct wbcGuid *guid);
557 * @brief Ping winbindd to see if the daemon is running
561 wbcErr wbcPing(void);
563 wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details);
565 wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details);
567 /**********************************************************
568 * Name/SID conversion
569 **********************************************************/
572 * @brief Convert a domain and name to SID
574 * @param dom_name Domain name (possibly "")
575 * @param name User or group name
576 * @param *sid Pointer to the resolved domain SID
577 * @param *name_type Pointer to the SID type
581 wbcErr wbcLookupName(const char *dom_name,
583 struct wbcDomainSid *sid,
584 enum wbcSidType *name_type);
587 * @brief Convert a SID to a domain and name
589 * @param *sid Pointer to the domain SID to be resolved
590 * @param domain Resolved Domain name (possibly "")
591 * @param name Resolved User or group name
592 * @param *name_type Pointer to the resolved SID type
596 wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
599 enum wbcSidType *name_type);
602 * @brief Translate a collection of RIDs within a domain to names
604 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid,
607 const char **domain_name,
609 enum wbcSidType **types);
612 * @brief Get the groups a user belongs to
614 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid,
615 bool domain_groups_only,
617 struct wbcDomainSid **sids);
620 * @brief Get alias membership for sids
622 wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid,
623 struct wbcDomainSid *sids,
625 uint32_t **alias_rids,
626 uint32_t *num_alias_rids);
631 wbcErr wbcListUsers(const char *domain_name,
633 const char ***users);
636 * @brief Lists Groups
638 wbcErr wbcListGroups(const char *domain_name,
639 uint32_t *num_groups,
640 const char ***groups);
642 wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid,
645 enum wbcSidType *pname_type);
647 /**********************************************************
648 * SID/uid/gid Mappings
649 **********************************************************/
652 * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed
654 * @param *sid Pointer to the domain SID to be resolved
655 * @param *puid Pointer to the resolved uid_t value
660 wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
664 * @brief Convert a Windows SID to a Unix uid if there already is a mapping
666 * @param *sid Pointer to the domain SID to be resolved
667 * @param *puid Pointer to the resolved uid_t value
672 wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid,
676 * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed
678 * @param uid Unix uid to be resolved
679 * @param *sid Pointer to the resolved domain SID
684 wbcErr wbcUidToSid(uid_t uid,
685 struct wbcDomainSid *sid);
688 * @brief Convert a Unix uid to a Windows SID if there already is a mapping
690 * @param uid Unix uid to be resolved
691 * @param *sid Pointer to the resolved domain SID
696 wbcErr wbcQueryUidToSid(uid_t uid,
697 struct wbcDomainSid *sid);
700 * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed
702 * @param *sid Pointer to the domain SID to be resolved
703 * @param *pgid Pointer to the resolved gid_t value
708 wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
712 * @brief Convert a Windows SID to a Unix gid if there already is a mapping
714 * @param *sid Pointer to the domain SID to be resolved
715 * @param *pgid Pointer to the resolved gid_t value
720 wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid,
724 * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed
726 * @param gid Unix gid to be resolved
727 * @param *sid Pointer to the resolved domain SID
732 wbcErr wbcGidToSid(gid_t gid,
733 struct wbcDomainSid *sid);
736 * @brief Convert a Unix gid to a Windows SID if there already is a mapping
738 * @param gid Unix gid to be resolved
739 * @param *sid Pointer to the resolved domain SID
744 wbcErr wbcQueryGidToSid(gid_t gid,
745 struct wbcDomainSid *sid);
748 * @brief Obtain a new uid from Winbind
750 * @param *puid *pointer to the allocated uid
754 wbcErr wbcAllocateUid(uid_t *puid);
757 * @brief Obtain a new gid from Winbind
759 * @param *pgid Pointer to the allocated gid
763 wbcErr wbcAllocateGid(gid_t *pgid);
766 * @brief Set an user id mapping
768 * @param uid Uid of the desired mapping.
769 * @param *sid Pointer to the sid of the diresired mapping.
773 wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid);
776 * @brief Set a group id mapping
778 * @param gid Gid of the desired mapping.
779 * @param *sid Pointer to the sid of the diresired mapping.
783 wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid);
786 * @brief Remove a user id mapping
788 * @param uid Uid of the mapping to remove.
789 * @param *sid Pointer to the sid of the mapping to remove.
793 wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid);
796 * @brief Remove a group id mapping
798 * @param gid Gid of the mapping to remove.
799 * @param *sid Pointer to the sid of the mapping to remove.
803 wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid);
806 * @brief Set the highwater mark for allocated uids.
808 * @param uid_hwm The new uid highwater mark value
812 wbcErr wbcSetUidHwm(uid_t uid_hwm);
815 * @brief Set the highwater mark for allocated gids.
817 * @param gid_hwm The new gid highwater mark value
821 wbcErr wbcSetGidHwm(gid_t gid_hwm);
823 /**********************************************************
824 * NSS Lookup User/Group details
825 **********************************************************/
828 * @brief Fill in a struct passwd* for a domain user based
831 * @param *name Username to lookup
832 * @param **pwd Pointer to resulting struct passwd* from the query.
836 wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);
839 * @brief Fill in a struct passwd* for a domain user based
842 * @param uid Uid to lookup
843 * @param **pwd Pointer to resulting struct passwd* from the query.
847 wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);
850 * @brief Fill in a struct passwd* for a domain user based
853 * @param sid Sid to lookup
854 * @param **pwd Pointer to resulting struct passwd* from the query.
858 wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd);
861 * @brief Fill in a struct passwd* for a domain user based
864 * @param *name Username to lookup
865 * @param **grp Pointer to resulting struct group* from the query.
869 wbcErr wbcGetgrnam(const char *name, struct group **grp);
872 * @brief Fill in a struct passwd* for a domain user based
875 * @param gid Uid to lookup
876 * @param **grp Pointer to resulting struct group* from the query.
880 wbcErr wbcGetgrgid(gid_t gid, struct group **grp);
883 * @brief Reset the passwd iterator
887 wbcErr wbcSetpwent(void);
890 * @brief Close the passwd iterator
894 wbcErr wbcEndpwent(void);
897 * @brief Return the next struct passwd* entry from the pwent iterator
899 * @param **pwd Pointer to resulting struct passwd* from the query.
903 wbcErr wbcGetpwent(struct passwd **pwd);
906 * @brief Reset the group iterator
910 wbcErr wbcSetgrent(void);
913 * @brief Close the group iterator
917 wbcErr wbcEndgrent(void);
920 * @brief Return the next struct group* entry from the pwent iterator
922 * @param **grp Pointer to resulting struct group* from the query.
926 wbcErr wbcGetgrent(struct group **grp);
929 * @brief Return the next struct group* entry from the pwent iterator
931 * This is similar to #wbcGetgrent, just that the member list is empty
933 * @param **grp Pointer to resulting struct group* from the query.
937 wbcErr wbcGetgrlist(struct group **grp);
940 * @brief Return the unix group array belonging to the given user
942 * @param *account The given user name
943 * @param *num_groups Number of elements returned in the groups array
944 * @param **_groups Pointer to resulting gid_t array.
948 wbcErr wbcGetGroups(const char *account,
949 uint32_t *num_groups,
953 /**********************************************************
954 * Lookup Domain information
955 **********************************************************/
958 * @brief Lookup the current status of a trusted domain
960 * @param domain Domain to query
961 * @param *info Pointer to returned domain_info struct
965 wbcErr wbcDomainInfo(const char *domain,
966 struct wbcDomainInfo **info);
969 * @brief Lookup the currently contacted DCs
971 * @param domain The domain to query
973 * @param num_dcs Number of DCs currently known
974 * @param dc_names Names of the currently known DCs
975 * @param dc_ips IP addresses of the currently known DCs
979 wbcErr wbcDcInfo(const char *domain, size_t *num_dcs,
980 const char ***dc_names, const char ***dc_ips);
983 * @brief Enumerate the domain trusts known by Winbind
985 * @param **domains Pointer to the allocated domain list array
986 * @param *num_domains Pointer to number of domains returned
990 wbcErr wbcListTrusts(struct wbcDomainInfo **domains,
991 size_t *num_domains);
993 /* Flags for wbcLookupDomainController */
995 #define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001
996 #define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010
997 #define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020
998 #define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040
999 #define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080
1000 #define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100
1001 #define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200
1002 #define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400
1003 #define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800
1004 #define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000
1005 #define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000
1006 #define WBC_LOOKUP_DC_AVOID_SELF 0x00004000
1007 #define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000
1008 #define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000
1009 #define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000
1010 #define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000
1011 #define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000
1012 #define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000
1013 #define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000
1016 * @brief Enumerate the domain trusts known by Winbind
1018 * @param domain Name of the domain to query for a DC
1019 * @param flags Bit flags used to control the domain location query
1020 * @param *dc_info Pointer to the returned domain controller information
1024 wbcErr wbcLookupDomainController(const char *domain,
1026 struct wbcDomainControllerInfo **dc_info);
1029 * @brief Get extended domain controller information
1031 * @param domain Name of the domain to query for a DC
1032 * @param guid Guid of the domain to query for a DC
1033 * @param site Site of the domain to query for a DC
1034 * @param flags Bit flags used to control the domain location query
1035 * @param *dc_info Pointer to the returned extended domain controller information
1039 wbcErr wbcLookupDomainControllerEx(const char *domain,
1040 struct wbcGuid *guid,
1043 struct wbcDomainControllerInfoEx **dc_info);
1045 /**********************************************************
1046 * Athenticate functions
1047 **********************************************************/
1050 * @brief Authenticate a username/password pair
1052 * @param username Name of user to authenticate
1053 * @param password Clear text password os user
1057 wbcErr wbcAuthenticateUser(const char *username,
1058 const char *password);
1061 * @brief Authenticate with more detailed information
1063 * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH
1064 * is not supported yet
1065 * @param info Output details on WBC_ERR_SUCCESS
1066 * @param error Output details on WBC_ERR_AUTH_ERROR
1070 wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
1071 struct wbcAuthUserInfo **info,
1072 struct wbcAuthErrorInfo **error);
1075 * @brief Logon a User
1077 * @param[in] params Pointer to a wbcLogonUserParams structure
1078 * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure
1079 * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure
1080 * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure
1084 wbcErr wbcLogonUser(const struct wbcLogonUserParams *params,
1085 struct wbcLogonUserInfo **info,
1086 struct wbcAuthErrorInfo **error,
1087 struct wbcUserPasswordPolicyInfo **policy);
1090 * @brief Trigger a logoff notification to Winbind for a specific user
1092 * @param username Name of user to remove from Winbind's list of
1094 * @param uid Uid assigned to the username
1095 * @param ccfilename Absolute path to the Krb5 credentials cache to
1100 wbcErr wbcLogoffUser(const char *username,
1102 const char *ccfilename);
1105 * @brief Trigger an extended logoff notification to Winbind for a specific user
1107 * @param params A wbcLogoffUserParams structure
1108 * @param error User output details on error
1112 wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params,
1113 struct wbcAuthErrorInfo **error);
1116 * @brief Change a password for a user
1118 * @param username Name of user to authenticate
1119 * @param old_password Old clear text password of user
1120 * @param new_password New clear text password of user
1124 wbcErr wbcChangeUserPassword(const char *username,
1125 const char *old_password,
1126 const char *new_password);
1129 * @brief Change a password for a user with more detailed information upon
1132 * @param params Input parameters
1133 * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED
1134 * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED
1135 * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED
1139 wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params,
1140 struct wbcAuthErrorInfo **error,
1141 enum wbcPasswordChangeRejectReason *reject_reason,
1142 struct wbcUserPasswordPolicyInfo **policy);
1145 * @brief Authenticate a user with cached credentials
1147 * @param *params Pointer to a wbcCredentialCacheParams structure
1148 * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure
1149 * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure
1153 wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params,
1154 struct wbcCredentialCacheInfo **info,
1155 struct wbcAuthErrorInfo **error);
1157 /**********************************************************
1159 **********************************************************/
1162 * @brief Resolve a NetbiosName via WINS
1164 * @param name Name to resolve
1165 * @param *ip Pointer to the ip address string
1169 wbcErr wbcResolveWinsByName(const char *name, char **ip);
1172 * @brief Resolve an IP address via WINS into a NetbiosName
1174 * @param ip The ip address string
1175 * @param *name Pointer to the name
1180 wbcErr wbcResolveWinsByIP(const char *ip, char **name);
1182 /**********************************************************
1183 * Trusted domain functions
1184 **********************************************************/
1187 * @brief Trigger a verification of the trust credentials of a specific domain
1189 * @param *domain The name of the domain, only NULL for the default domain is
1190 * supported yet. Other values than NULL will result in
1191 * WBC_ERR_NOT_IMPLEMENTED.
1192 * @param error Output details on WBC_ERR_AUTH_ERROR
1196 wbcErr wbcCheckTrustCredentials(const char *domain,
1197 struct wbcAuthErrorInfo **error);
1200 * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost
1201 * version of wbcCheckTrustCredentials
1203 * @param *domain The name of the domain, only NULL for the default domain is
1204 * supported yet. Other values than NULL will result in
1205 * WBC_ERR_NOT_IMPLEMENTED.
1206 * @param error Output details on WBC_ERR_AUTH_ERROR
1210 wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error);
1212 /**********************************************************
1214 **********************************************************/
1217 * @brief Initialize a named blob and add to list of blobs
1219 * @param[in,out] num_blobs Pointer to the number of blobs
1220 * @param[in,out] blobs Pointer to an array of blobs
1221 * @param[in] name Name of the new named blob
1222 * @param[in] flags Flags of the new named blob
1223 * @param[in] data Blob data of new blob
1224 * @param[in] length Blob data length of new blob
1228 wbcErr wbcAddNamedBlob(size_t *num_blobs,
1229 struct wbcNamedBlob **blobs,
1235 #endif /* _WBCLIENT_H */