1 /* 
2    Unix SMB/CIFS implementation.
3
4    Winbind daemon for ntdom nss module
5
6    Copyright (C) Tim Potter 2000
7    
8    You are free to use this interface definition in any way you see
9    fit, including without restriction, using this header in your own
10    products. You do not need to give any attribution.  
11 */
12
13
/* Yield PTR as TYPE with its const qualification stripped.  The trip
 * through void * silences the compiler; it does not make writing through
 * the result legal if the pointed-to object was defined const (that is
 * undefined behaviour), so use only on data known to be writable. */
#ifndef CONST_DISCARD
#define CONST_DISCARD(type, ptr)      ((type) ((void *) (ptr)))
#endif

/* Inverse of CONST_DISCARD: yield PTR as the const-qualified TYPE. */
#ifndef CONST_ADD
#define CONST_ADD(type, ptr)          ((type) ((const void *) (ptr)))
#endif

/* Release X (an lvalue pointer) and reset it to NULL so that a later
 * double free is a no-op and a stale use becomes a NULL dereference
 * instead of a use-after-free.  Note this does NOT wipe the memory:
 * passwords and key material must be zeroised before SAFE_FREE. */
#ifndef SAFE_FREE
#define SAFE_FREE(x)                                            \
        do {                                                    \
                if ((x) != NULL) {                              \
                        free(x);                                \
                        (x) = NULL;                             \
                }                                               \
        } while (0)
#endif
25
26 #ifndef _WINBINDD_NTDOM_H
27 #define _WINBINDD_NTDOM_H
28
#define WINBINDD_SOCKET_NAME "pipe"            /* Name of PF_UNIX socket (unprivileged, any local user) */
/* Name of PF_UNIX dir.  This lives under the world-writable /tmp, so the
 * daemon has to create the directory itself and refuse to use one it does
 * not own, that is a symlink, or that is group/world writable -- otherwise
 * a local user could pre-create it and intercept or spoof the socket.
 * NOTE(review): confirm the socket setup code performs that check. */
#define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"
#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe; access to it is what distinguishes privileged from unprivileged requests */
#define WINBINDD_DOMAIN_ENV  "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV    "_NO_WINBINDD"

/* Update this when you change the interface: any change to the enum
 * values, struct layouts or flag bits below is a wire-ABI change.  Clients
 * can read the daemon's value via the WINBINDD_INTERFACE_VERSION command
 * (response.data.interface_version) before sending anything else. */

#define WINBIND_INTERFACE_VERSION 15
38
/* Socket commands.
 *
 * Each enumerator is a request type a client writes into
 * winbindd_request.cmd.  The numeric values are the socket ABI: never
 * reorder or insert in the middle -- append new commands just before
 * WINBINDD_NUM_CMDS and bump WINBIND_INTERFACE_VERSION.  Because cmd is
 * client-supplied, the daemon must range-check it (< WINBINDD_NUM_CMDS)
 * before using it to index any dispatch table. */

enum winbindd_cmd {

        WINBINDD_INTERFACE_VERSION,    /* Always a well known value (0) so a client can probe the ABI first */

        /* Get users and groups */

        WINBINDD_GETPWNAM,
        WINBINDD_GETPWUID,
        WINBINDD_GETGRNAM,
        WINBINDD_GETGRGID,
        WINBINDD_GETGROUPS,

        /* Enumerate users and groups */

        WINBINDD_SETPWENT,
        WINBINDD_ENDPWENT,
        WINBINDD_GETPWENT,
        WINBINDD_SETGRENT,
        WINBINDD_ENDGRENT,
        WINBINDD_GETGRENT,

        /* PAM authenticate and password change.  These carry credentials
           in the request (see the auth / auth_crap / chauthtok /
           chng_pswd_auth_crap members of winbindd_request.data). */

        WINBINDD_PAM_AUTH,                  /* cleartext user/password */
        WINBINDD_PAM_AUTH_CRAP,             /* challenge/response (LM/NT) */
        WINBINDD_PAM_CHAUTHTOK,             /* cleartext old/new password */
        WINBINDD_PAM_LOGOFF,
        WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,   /* password change with client-encrypted blobs */

        /* List various things */

        WINBINDD_LIST_USERS,         /* List w/o rid->id mapping */
        WINBINDD_LIST_GROUPS,        /* Ditto */
        WINBINDD_LIST_TRUSTDOM,

        /* SID conversion */

        WINBINDD_LOOKUPSID,
        WINBINDD_LOOKUPNAME,
        WINBINDD_LOOKUPRIDS,

        /* Lookup functions */

        WINBINDD_SID_TO_UID,       
        WINBINDD_SID_TO_GID,
        WINBINDD_UID_TO_SID,
        WINBINDD_GID_TO_SID,

        WINBINDD_ALLOCATE_UID,
        WINBINDD_ALLOCATE_GID,

        /* Miscellaneous other stuff */

        WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */
        WINBINDD_PING,              /* Just tell me winbind is running */
        WINBINDD_INFO,              /* Various bit of info.  Currently just tidbits */
        WINBINDD_DOMAIN_NAME,       /* The domain this winbind server is a member of (lp_workgroup()) */

        WINBINDD_DOMAIN_INFO,   /* Most of what we know from
                                   struct winbindd_domain */
        WINBINDD_GETDCNAME,     /* Issue a GetDCName Request */

        WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */

        /* WINS commands */

        WINBINDD_WINS_BYIP,
        WINBINDD_WINS_BYNAME,

        /* this is like GETGRENT but gives an empty group list */
        WINBINDD_GETGRLST,

        WINBINDD_NETBIOS_NAME,       /* The netbios name of the server */

        /* find the location of our privileged pipe (the
           WINBINDD_PRIV_SOCKET_SUBDIR directory) */
        WINBINDD_PRIV_PIPE_DIR,

        /* return a list of group sids for a user sid */
        WINBINDD_GETUSERSIDS,

        /* Various group queries */
        WINBINDD_GETUSERDOMGROUPS,

        /* Initialize connection in a child */
        WINBINDD_INIT_CONNECTION,

        /* Blocking calls that are not allowed on the main winbind pipe, only
         * between parent and children.  The dispatcher must reject these
         * cmd values when they arrive on the client socket rather than
         * forward them; they are internal and were never meant to be
         * reachable by a local user. */
        WINBINDD_DUAL_SID2UID,
        WINBINDD_DUAL_SID2GID,
        WINBINDD_DUAL_IDMAPSET,

        /* Wrapper around possibly blocking unix nss calls (parent->child only, as above) */
        WINBINDD_DUAL_UID2NAME,
        WINBINDD_DUAL_NAME2UID,
        WINBINDD_DUAL_GID2NAME,
        WINBINDD_DUAL_NAME2GID,

        WINBINDD_DUAL_USERINFO,
        WINBINDD_DUAL_GETSIDALIASES,

        WINBINDD_NUM_CMDS       /* one past the last valid command; use for range checks */
};
144
/* passwd(5)-style user record returned for getpwnam / getpwuid / getpwent.
 * The field layout is part of the socket ABI. */
struct winbindd_pw {
        fstring pw_name;        /* login name */
        fstring pw_passwd;      /* NSS password field.  NOTE(review): confirm the daemon only ever fills a placeholder here and never real hash material */
        uid_t pw_uid;
        gid_t pw_gid;
        fstring pw_gecos;
        fstring pw_dir;         /* home directory */
        fstring pw_shell;       /* login shell */
};

typedef struct winbindd_pw WINBINDD_PW;
154
155
/* group(5)-style record returned for getgrnam / getgrgid / getgrent.
 * The member list itself is not in this struct; num_gr_mem / gr_mem_ofs
 * describe where it sits in the variable-length part of the response.
 * Both come from the peer, so a reader must check that the offset (and
 * the strings it points at) lie inside the extra data actually received
 * before dereferencing anything. */
struct winbindd_gr {
        fstring gr_name;
        fstring gr_passwd;
        gid_t gr_gid;
        uint32 num_gr_mem;      /* number of member names */
        uint32 gr_mem_ofs;      /* offset to group membership (presumably into extra_data -- confirm against the response reader) */
};

typedef struct winbindd_gr WINBINDD_GR;
163
164
/* Bits for winbindd_request.flags.  They arrive from the client, so the
 * daemon decides per bit whether a given caller may have it honoured. */
#define WBFLAG_PAM_INFO3_NDR            0x0001
#define WBFLAG_PAM_INFO3_TEXT           0x0002
#define WBFLAG_PAM_USER_SESSION_KEY     0x0004  /* asks for secret key material in the reply (auth.user_session_key) */
#define WBFLAG_PAM_LMKEY                0x0008  /* asks for secret key material in the reply (auth.first_8_lm_hash) */
#define WBFLAG_PAM_CONTACT_TRUSTDOM     0x0010
#define WBFLAG_QUERY_ONLY               0x0020
/* 0x0040 is not assigned in this header */
#define WBFLAG_PAM_UNIX_NAME            0x0080
#define WBFLAG_PAM_AFS_TOKEN            0x0100
#define WBFLAG_PAM_NT_STATUS_SQUASH     0x0200

/* This is a flag that can only be sent from parent to child.  Nothing
 * stops a client from setting the bit in its own request, so the daemon
 * must clear it from every request read off the external socket before
 * dispatch; otherwise an unprivileged peer could claim privileged-pipe
 * rights.  NOTE(review): confirm the request reader does this. */
#define WBFLAG_IS_PRIVILEGED            0x0400
/* Flag to say this is a winbindd internal send - don't recurse. */
#define WBFLAG_RECURSE                  0x0800

#define WBFLAG_PAM_KRB5                 0x1000
#define WBFLAG_PAM_FALLBACK_AFTER_KRB5  0x2000
#define WBFLAG_PAM_CACHED_LOGIN         0x4000
#define WBFLAG_PAM_GET_PWD_POLICY       0x8000

/* Upper bound on winbindd_request.extra_len; check against it before
 * allocating or reading the variable-length tail of a request. */
#define WINBINDD_MAX_EXTRA_DATA (128*1024)
186
/* Winbind request structure.
 *
 * This is the wire format a client writes onto the winbindd PF_UNIX
 * socket, so every field below is untrusted input from whoever can open
 * that socket.  Things the daemon must validate rather than trust:
 *  - length / extra_len: sender-claimed sizes.  Compare with
 *    sizeof(struct winbindd_request) and WINBINDD_MAX_EXTRA_DATA before
 *    reading or allocating.
 *  - the *_len fields inside the union: each bounds a fixed-size buffer
 *    declared beside it; clamp to sizeof(that buffer) before any copy.
 *  - flags: WBFLAG_IS_PRIVILEGED is parent->child only and must be
 *    masked out of client-originated requests.
 *  - pid: whatever the client wrote; informational, never an identity.
 * Field order and sizes are the ABI -- bump WINBIND_INTERFACE_VERSION
 * when changing them. */

struct winbindd_request {
        uint32 length;           /* total bytes the sender claims for the request (validate) */
        enum winbindd_cmd cmd;   /* Winbindd command to execute (range-check < WINBINDD_NUM_CMDS) */
        pid_t pid;               /* pid of calling process, as reported by the client itself */
        uint32 flags;            /* WBFLAG_* bits relevant to a given request */
        fstring domain_name;    /* name of domain for which the request applies */

        union {
                fstring winsreq;     /* WINS request */
                fstring username;    /* getpwnam */
                fstring groupname;   /* getgrnam */
                uid_t uid;           /* getpwuid, uid_to_sid */
                gid_t gid;           /* getgrgid, gid_to_sid */
                struct {
                        /* We deliberatedly don't split into domain/user to
                           avoid having the client know what the separator
                           character is. */     
                        fstring user;
                        fstring pass;                       /* cleartext password -- wipe after use, never log */
                        fstring require_membership_of_sid;  /* presumably a SID the user must belong to for success -- confirm in the PAM code */
                        fstring krb5_cc_type;
                        uid_t uid;
                } auth;              /* pam_winbind auth module (WINBINDD_PAM_AUTH) */
                struct {
                        unsigned char chal[8];          /* 8-byte challenge the responses were computed over */
                        uint32 logon_parameters;
                        fstring user;
                        fstring domain;
                        fstring lm_resp;
                        uint16 lm_resp_len;     /* client-supplied; clamp to sizeof(lm_resp) before copying */
                        fstring nt_resp;
                        uint16 nt_resp_len;     /* client-supplied; clamp to sizeof(nt_resp) before copying */
                        fstring workstation;
                        fstring require_membership_of_sid;
                } auth_crap;         /* challenge/response auth (WINBINDD_PAM_AUTH_CRAP) */
                struct {
                    fstring user;
                    fstring oldpass;    /* cleartext -- wipe after use */
                    fstring newpass;    /* cleartext -- wipe after use */
                } chauthtok;         /* pam_winbind passwd module */
                struct {
                        fstring user;
                        fstring domain;
                        /* Opaque encrypted password blobs plus their lengths.
                           Each *_len is client-supplied and must be checked
                           against the matching array size (516 or 16) before
                           the bytes are used. */
                        unsigned char new_nt_pswd[516];
                        uint16  new_nt_pswd_len;
                        unsigned char old_nt_hash_enc[16];
                        uint16  old_nt_hash_enc_len;
                        unsigned char new_lm_pswd[516];
                        uint16  new_lm_pswd_len;
                        unsigned char old_lm_hash_enc[16];
                        uint16  old_lm_hash_enc_len;
                } chng_pswd_auth_crap;/* pam_winbind passwd module (WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP) */
                struct {
                        fstring user;
                        fstring krb5ccname;
                        uid_t uid;
                } logoff;              /* pam_winbind session module */
                fstring sid;         /* lookupsid, sid_to_[ug]id */
                struct {
                        fstring dom_name;       /* lookupname */
                        fstring name;       
                } name;
                uint32 num_entries;  /* getpwent, getgrent */
                struct {
                        fstring username;
                        fstring groupname;
                } acct_mgt;
                struct {
                        BOOL is_primary;
                        fstring dcname;
                } init_conn;            /* WINBINDD_INIT_CONNECTION (internal) */
                struct {
                        fstring sid;
                        fstring name;
                        BOOL alloc;
                } dual_sid2id;          /* WINBINDD_DUAL_SID2UID/GID (parent->child only) */
                struct {
                        int type;
                        uid_t uid;
                        gid_t gid;
                        fstring sid;
                } dual_idmapset;        /* WINBINDD_DUAL_IDMAPSET (parent->child only) */
                BOOL list_all_domains;
        } data;
        /* Variable-length tail.  The pointer is only meaningful inside the
           process that owns the buffer; a value received over the socket
           must be replaced, never dereferenced.  The uint64 member only
           exists if uint64 is a preprocessor macro (defined() does not see
           a typedef); presumably it is there to fix the union's size and
           alignment across 32/64-bit peers -- confirm. */
        union {
#if defined(uint64)
                uint64 z;
#endif
                char *data;
        } extra_data;
        uint32 extra_len;       /* bytes of extra data following; reject if > WINBINDD_MAX_EXTRA_DATA */
        char null_term;         /* purpose not shown here; presumably a guaranteed '\0' so string reads cannot run off the end of the struct -- confirm in the request reader */
};
282
/* Response values: the result code carried in winbindd_response.result.
 * The numbers are part of the socket ABI, so they are spelled out. */

enum winbindd_result {
        WINBINDD_ERROR   = 0,   /* request failed */
        WINBINDD_PENDING = 1,   /* request accepted but not yet complete */
        WINBINDD_OK      = 2    /* request succeeded */
};
290
/* Winbind response structure.
 *
 * Written by the daemon back onto the client socket.  The fixed part is
 * this struct; `length` tells the client how many bytes in total were
 * sent, and anything beyond sizeof(struct winbindd_response) is the
 * variable-length extra data.  A client should validate `length` before
 * reading the tail, and must treat any key material in data.auth as a
 * secret (wipe after use). */

struct winbindd_response {
    
        /* Header information */

        uint32 length;                        /* Length of response, fixed part plus extra data */
        enum winbindd_result result;          /* Result code */

        /* Fixed length return data */
        
        union {
                int interface_version;  /* Try to ensure this is always in the same spot... (it is the first member so a client can read it regardless of which union layout it was built with) */
                
                fstring winsresp;               /* WINS response */

                /* getpwnam, getpwuid */
                
                struct winbindd_pw pw;

                /* getgrnam, getgrgid */

                struct winbindd_gr gr;

                uint32 num_entries; /* getpwent, getgrent */
                struct winbindd_sid {
                        fstring sid;        /* lookupname, [ug]id_to_sid */
                        int type;
                } sid;
                struct winbindd_name {
                        fstring dom_name;       /* lookupsid */
                        fstring name;       
                        int type;
                } name;
                uid_t uid;          /* sid_to_uid */
                gid_t gid;          /* sid_to_gid */
                struct winbindd_info {
                        char winbind_separator;
                        fstring samba_version;
                } info;
                fstring domain_name;
                fstring netbios_name;
                fstring dc_name;

                /* Result of the PAM_* commands. */
                struct auth_reply {
                        uint32 nt_status;           /* numeric NT status of the logon */
                        fstring nt_status_string;   /* its textual name */
                        fstring error_string;       /* human-readable error for the caller */
                        int pam_error;              /* PAM error code to return */
                        /* Secret key material.  Presumably only filled when
                           WBFLAG_PAM_USER_SESSION_KEY / WBFLAG_PAM_LMKEY were
                           requested, and it should only be handed to callers
                           on the privileged pipe -- NOTE(review): confirm the
                           dispatch code enforces both.  Receivers must wipe
                           these after use. */
                        char user_session_key[16];
                        char first_8_lm_hash[8];
                        fstring krb5ccname;
                        /* Password policy of the domain (WBFLAG_PAM_GET_PWD_POLICY, presumably). */
                        struct policy_settings {
                                uint16 min_length_password;
                                uint16 password_history;
                                uint32 password_properties;
                                time_t expire;
                                time_t min_passwordage;
                        } policy;
                        uint32 reject_reason;
                        /* Textual rendering of the logon's info3 data
                           (WBFLAG_PAM_INFO3_TEXT, presumably). */
                        struct info3_text {
                                time_t logon_time;
                                time_t logoff_time;
                                time_t kickoff_time;
                                time_t pass_last_set_time;
                                time_t pass_can_change_time;
                                time_t pass_must_change_time;
                                uint16 logon_count;
                                uint16 bad_pw_count;
                                uint32 user_rid;
                                uint32 group_rid;
                                fstring dom_sid;
                                uint32 num_groups;
                                uint32 user_flgs;
                                uint32 acct_flags;
                                uint32 num_other_sids;
                                fstring user_name;
                                fstring full_name;
                                fstring logon_script;
                                fstring profile_path;
                                fstring home_dir;
                                fstring dir_drive;
                                fstring logon_srv;
                                fstring logon_dom;
                        } info3;
                } auth;
                struct {
                        fstring name;
                        fstring alt_name;
                        fstring sid;
                        BOOL native_mode;
                        BOOL active_directory;
                        BOOL primary;
                        uint32 sequence_number;
                } domain_info;          /* WINBINDD_DOMAIN_INFO */
                struct {
                        fstring acct_name;
                        fstring full_name;
                        fstring homedir;
                        fstring shell;
                        uint32 group_rid;
                } user_info;            /* WINBINDD_DUAL_USERINFO, presumably */
        } data;

        /* Variable length return data.  The pointer is local to the
           sending process; on the wire the payload is the bytes that follow
           the fixed struct, so a receiver must size it from `length` and
           never dereference a pointer value it received. */

        union {
#if defined(uint64)
                uint64 z;
#endif
                void *data;
        } extra_data;
};
404
/* One entry in the daemon's list of Kerberos credential caches it looks
 * after (doubly linked via next/prev, with a timed event for refresh).
 * In-process only; not part of the socket ABI. */
struct WINBINDD_CCACHE_ENTRY {
        const char *principal_name;
        const char *ccname;             /* credential cache name */
        const char *service;
        const char *username;
        const char *sid_string;
        char *pass;                     /* NOTE(review): appears to be the cleartext password retained so the TGT can be re-acquired (see refresh_tgt) -- confirm.  If so it must be zeroised before release; SAFE_FREE alone leaves it in freed memory. */
        uid_t uid;                      /* owner of the cache */
        time_t create_time;
        time_t renew_until;             /* latest time the ticket may still be renewed */
        BOOL refresh_tgt;               /* whether the daemon should refresh this TGT */
        time_t refresh_time;            /* when the next refresh is due */
        struct timed_event *event;      /* scheduled refresh event, if any */
        struct WINBINDD_CCACHE_ENTRY *next, *prev;
};
420
421 #endif