2 Unix SMB/CIFS implementation.
4 Winbind daemon for ntdom nss module
6 Copyright (C) Tim Potter 2000
8 You are free to use this interface definition in any way you see
9 fit, including without restriction, using this header in your own
10 products. You do not need to give any attribution.
15 #define CONST_DISCARD(type, ptr) ((type) ((void *) (ptr)))
19 #define CONST_ADD(type, ptr) ((type) ((const void *) (ptr)))
23 #define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
26 #ifndef _WINBINDD_NTDOM_H
27 #define _WINBINDD_NTDOM_H
29 #define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
30 #define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
31 #define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
32 #define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
33 #define WINBINDD_DONT_ENV "_NO_WINBINDD"
35 /* Update this when you change the interface. */
37 #define WINBIND_INTERFACE_VERSION 15
43 WINBINDD_INTERFACE_VERSION, /* Always a well known value */
45 /* Get users and groups */
53 /* Enumerate users and groups */
62 /* PAM authenticate and password change */
65 WINBINDD_PAM_AUTH_CRAP,
66 WINBINDD_PAM_CHAUTHTOK,
68 WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,
70 /* List various things */
72 WINBINDD_LIST_USERS, /* List w/o rid->id mapping */
73 WINBINDD_LIST_GROUPS, /* Ditto */
74 WINBINDD_LIST_TRUSTDOM,
82 /* Lookup functions */
89 WINBINDD_ALLOCATE_UID,
90 WINBINDD_ALLOCATE_GID,
92 /* Miscellaneous other stuff */
94 WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
95 WINBINDD_PING, /* Just tell me winbind is running */
96 WINBINDD_INFO, /* Various bit of info. Currently just tidbits */
97 WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */
99 WINBINDD_DOMAIN_INFO, /* Most of what we know from
100 struct winbindd_domain */
101 WINBINDD_GETDCNAME, /* Issue a GetDCName Request */
103 WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
108 WINBINDD_WINS_BYNAME,
110 /* this is like GETGRENT but gives an empty group list */
113 WINBINDD_NETBIOS_NAME, /* The netbios name of the server */
115 /* find the location of our privileged pipe */
116 WINBINDD_PRIV_PIPE_DIR,
118 /* return a list of group sids for a user sid */
119 WINBINDD_GETUSERSIDS,
121 /* Various group queries */
122 WINBINDD_GETUSERDOMGROUPS,
124 /* Initialize connection in a child */
125 WINBINDD_INIT_CONNECTION,
127 /* Blocking calls that are not allowed on the main winbind pipe, only
128 * between parent and children */
129 WINBINDD_DUAL_SID2UID,
130 WINBINDD_DUAL_SID2GID,
131 WINBINDD_DUAL_IDMAPSET,
133 /* Wrapper around possibly blocking unix nss calls */
134 WINBINDD_DUAL_UID2NAME,
135 WINBINDD_DUAL_NAME2UID,
136 WINBINDD_DUAL_GID2NAME,
137 WINBINDD_DUAL_NAME2GID,
139 WINBINDD_DUAL_USERINFO,
140 WINBINDD_DUAL_GETSIDALIASES,
145 typedef struct winbindd_pw {
156 typedef struct winbindd_gr {
161 uint32 gr_mem_ofs; /* offset to group membership */
165 #define WBFLAG_PAM_INFO3_NDR 0x0001
166 #define WBFLAG_PAM_INFO3_TEXT 0x0002
167 #define WBFLAG_PAM_USER_SESSION_KEY 0x0004
168 #define WBFLAG_PAM_LMKEY 0x0008
169 #define WBFLAG_PAM_CONTACT_TRUSTDOM 0x0010
170 #define WBFLAG_QUERY_ONLY 0x0020
171 #define WBFLAG_PAM_UNIX_NAME 0x0080
172 #define WBFLAG_PAM_AFS_TOKEN 0x0100
173 #define WBFLAG_PAM_NT_STATUS_SQUASH 0x0200
175 /* This is a flag that can only be sent from parent to child */
176 #define WBFLAG_IS_PRIVILEGED 0x0400
177 /* Flag to say this is a winbindd internal send - don't recurse. */
178 #define WBFLAG_RECURSE 0x0800
180 #define WBFLAG_PAM_KRB5 0x1000
181 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000
182 #define WBFLAG_PAM_CACHED_LOGIN 0x4000
183 #define WBFLAG_PAM_GET_PWD_POLICY 0x8000
185 #define WINBINDD_MAX_EXTRA_DATA (128*1024)
187 /* Winbind request structure */
189 struct winbindd_request {
191 enum winbindd_cmd cmd; /* Winbindd command to execute */
192 pid_t pid; /* pid of calling process */
193 uint32 flags; /* flags relavant to a given request */
194 fstring domain_name; /* name of domain for which the request applies */
197 fstring winsreq; /* WINS request */
198 fstring username; /* getpwnam */
199 fstring groupname; /* getgrnam */
200 uid_t uid; /* getpwuid, uid_to_sid */
201 gid_t gid; /* getgrgid, gid_to_sid */
203 /* We deliberatedly don't split into domain/user to
204 avoid having the client know what the separator
208 fstring require_membership_of_sid;
209 fstring krb5_cc_type;
211 } auth; /* pam_winbind auth module */
213 unsigned char chal[8];
214 uint32 logon_parameters;
222 fstring require_membership_of_sid;
228 } chauthtok; /* pam_winbind passwd module */
232 unsigned char new_nt_pswd[516];
233 uint16 new_nt_pswd_len;
234 unsigned char old_nt_hash_enc[16];
235 uint16 old_nt_hash_enc_len;
236 unsigned char new_lm_pswd[516];
237 uint16 new_lm_pswd_len;
238 unsigned char old_lm_hash_enc[16];
239 uint16 old_lm_hash_enc_len;
240 } chng_pswd_auth_crap;/* pam_winbind passwd module */
245 } logoff; /* pam_winbind session module */
246 fstring sid; /* lookupsid, sid_to_[ug]id */
248 fstring dom_name; /* lookupname */
251 uint32 num_entries; /* getpwent, getgrent */
271 BOOL list_all_domains;
283 /* Response values */
285 enum winbindd_result {
291 /* Winbind response structure */
293 struct winbindd_response {
295 /* Header information */
297 uint32 length; /* Length of response */
298 enum winbindd_result result; /* Result code */
300 /* Fixed length return data */
303 int interface_version; /* Try to ensure this is always in the same spot... */
305 fstring winsresp; /* WINS response */
307 /* getpwnam, getpwuid */
309 struct winbindd_pw pw;
311 /* getgrnam, getgrgid */
313 struct winbindd_gr gr;
315 uint32 num_entries; /* getpwent, getgrent */
316 struct winbindd_sid {
317 fstring sid; /* lookupname, [ug]id_to_sid */
320 struct winbindd_name {
321 fstring dom_name; /* lookupsid */
325 uid_t uid; /* sid_to_uid */
326 gid_t gid; /* sid_to_gid */
327 struct winbindd_info {
328 char winbind_separator;
329 fstring samba_version;
332 fstring netbios_name;
337 fstring nt_status_string;
338 fstring error_string;
340 char user_session_key[16];
341 char first_8_lm_hash[8];
343 struct policy_settings {
344 uint16 min_length_password;
345 uint16 password_history;
346 uint32 password_properties;
348 time_t min_passwordage;
350 uint32 reject_reason;
355 time_t pass_last_set_time;
356 time_t pass_can_change_time;
357 time_t pass_must_change_time;
366 uint32 num_other_sids;
369 fstring logon_script;
370 fstring profile_path;
382 BOOL active_directory;
384 uint32 sequence_number;
395 /* Variable length return data */
405 struct WINBINDD_CCACHE_ENTRY {
406 const char *principal_name;
409 const char *username;
410 const char *sid_string;
417 struct timed_event *event;
418 struct WINBINDD_CCACHE_ENTRY *next, *prev;