/*
   Unix SMB/CIFS implementation.

   Winbind client API

   Copyright (C) Gerald (Jerry) Carter 2007

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Lesser General Public
   License as published by the Free Software Foundation; either
   version 3 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Lesser General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
# ifndef _WBCLIENT_H
# define _WBCLIENT_H
# include <pwd.h>
# include <grp.h>
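/* Define error types */

/**
 * @brief Status codes returned from wbc functions
 *
 * Enumerators are numbered implicitly, starting from WBC_ERR_SUCCESS = 0.
 * Callers should test a result with WBC_ERROR_IS_OK() instead of matching
 * individual failure codes, so that a code they do not know about is still
 * handled as a failure.
 **/
enum _wbcErrType {
	WBC_ERR_SUCCESS = 0,            /**< Successful completion **/
	WBC_ERR_NOT_IMPLEMENTED,        /**< Function not implemented **/
	WBC_ERR_UNKNOWN_FAILURE,        /**< General failure **/
	WBC_ERR_NO_MEMORY,              /**< Memory allocation error **/
	WBC_ERR_INVALID_SID,            /**< Invalid SID format **/
	WBC_ERR_INVALID_PARAM,          /**< An invalid parameter was supplied **/
	WBC_ERR_WINBIND_NOT_AVAILABLE,  /**< Winbind daemon is not available **/
	WBC_ERR_DOMAIN_NOT_FOUND,       /**< Domain is not trusted or cannot be found **/
	/* Note: this one name lacks the WBC_ERR_ prefix used by the others. */
	WBC_INVALID_RESPONSE,           /**< Winbind returned an invalid response **/
	WBC_ERR_NSS_ERROR,              /**< NSS_STATUS error **/
	WBC_ERR_AUTH_ERROR              /**< Authentication failed **/
};

typedef enum _wbcErrType wbcErr;

/** True only when @a x equals WBC_ERR_SUCCESS. */
#define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS)

/**
 * @brief Return a string for a status code.
 *
 * NOTE(review): presumably a readable description of @a error. The const
 * return type suggests the caller must not modify or free it - confirm
 * against the implementation.
 **/
const char *wbcErrorString(wbcErr error);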
/**
 * @brief Some useful details about the running winbindd
 *
 * NOTE(review): uint32_t comes from <stdint.h>; this header itself only
 * includes <pwd.h> and <grp.h>, so the including file has to provide it.
 **/
struct wbcInterfaceDetails {
	/* Version number of the interface. */
	uint32_t interface_version;
	/* Version string of winbind. */
	const char *winbind_version;
	/* presumably the character separating domain and user names - confirm */
	char winbind_separator;
	/* NetBIOS name, NetBIOS domain and DNS domain, as strings. */
	const char *netbios_name;
	const char *netbios_domain;
	const char *dns_domain;
};
/*
* Data types used by the Winbind Client API
*/
#ifndef MAXSUBAUTHS
#define MAXSUBAUTHS 15 /* max sub authorities in a SID */
#endif

/**
 * @brief Windows Security Identifier
 *
 * sub_auths has room for MAXSUBAUTHS entries. Code that fills or walks this
 * struct using data it did not produce itself should reject
 * num_auths > MAXSUBAUTHS before using it as a bound over sub_auths.
 *
 * NOTE(review): MAXSUBAUTHS is only defined here when no earlier header
 * defined it; a different earlier value would change the size of this
 * struct and of every struct embedding it.
 **/
struct wbcDomainSid {
	/* SID revision number. */
	uint8_t sid_rev_num;
	/* presumably the number of sub_auths entries in use - confirm */
	uint8_t num_auths;
	/* Identifier authority, six bytes. */
	uint8_t id_auth[6];
	/* Sub authorities. */
	uint32_t sub_auths[MAXSUBAUTHS];
};
/**
 * @brief Security Identifier type
 *
 * Every enumerator has an explicit value. The short descriptions below are
 * read off the enumerator names.
 **/
enum wbcSidType {
	WBC_SID_NAME_USE_NONE = 0,  /* no type */
	WBC_SID_NAME_USER     = 1,  /* user */
	WBC_SID_NAME_DOM_GRP  = 2,  /* domain group */
	WBC_SID_NAME_DOMAIN   = 3,  /* domain */
	WBC_SID_NAME_ALIAS    = 4,  /* alias */
	WBC_SID_NAME_WKN_GRP  = 5,  /* well-known group */
	WBC_SID_NAME_DELETED  = 6,  /* deleted */
	WBC_SID_NAME_INVALID  = 7,  /* invalid */
	WBC_SID_NAME_UNKNOWN  = 8,  /* unknown */
	WBC_SID_NAME_COMPUTER = 9   /* computer */
};
/**
 * @brief Security Identifier with attributes
 **/
struct wbcSidWithAttr {
	/* The SID, stored by value. */
	struct wbcDomainSid sid;
	/* Bit mask built from the WBC_SID_ATTR_GROUP_* values. */
	uint32_t attributes;
};
/*
 * wbcSidWithAttr->attributes
 *
 * WBC_SID_ATTR_GROUP_LOGON_ID covers two bits (0xC0000000). Test it with
 * (attributes & WBC_SID_ATTR_GROUP_LOGON_ID) == WBC_SID_ATTR_GROUP_LOGON_ID;
 * a plain non-zero test also matches a value with only one of the bits set.
 *
 * NOTE(review): the name USEFOR_DENY_ONLY indicates a SID that counts only
 * for deny checks; access-control code that grants on such a SID would be
 * wrong - confirm the semantics before relying on it.
 */
#define WBC_SID_ATTR_GROUP_MANDATORY           0x00000001
#define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT  0x00000002
#define WBC_SID_ATTR_GROUP_ENABLED             0x00000004
#define WBC_SID_ATTR_GROUP_OWNER               0x00000008
#define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY    0x00000010
#define WBC_SID_ATTR_GROUP_RESOURCE            0x20000000
#define WBC_SID_ATTR_GROUP_LOGON_ID            0xC0000000
/**
 * @brief Domain Information
 **/
struct wbcDomainInfo {
	/* Short name of the domain. */
	char *short_name;
	/* DNS name of the domain. */
	char *dns_name;
	/* The domain's SID, stored by value. */
	struct wbcDomainSid sid;
	/* Bit mask built from the WBC_DOMINFO_* values. */
	uint32_t flags;
};
/* wbcDomainInfo->flags: independent bits that may be OR-ed together */
#define WBC_DOMINFO_NATIVE   0x00000001
#define WBC_DOMINFO_AD       0x00000002
#define WBC_DOMINFO_PRIMARY  0x00000004
/**
 * @brief Auth User Parameters
 *
 * `password` is a union; `level` records which form of credential the
 * caller filled in. The level names pair up with the union members
 * (PLAIN/plaintext, HASH/hash, RESPONSE/response) - presumably that is the
 * mapping, but this header does not state it, so confirm.
 *
 * Every member of `password` is credential material. NT and LM hashes are
 * password-equivalent for NTLM logons, so they need the same care as the
 * plaintext. Keep a filled-in struct short-lived and wipe it once the
 * authentication call has returned, using a call the compiler may not
 * elide (for example explicit_bzero() where available).
 **/
struct wbcAuthUserParams {
	const char *account_name;
	const char *domain_name;
	const char *workstation_name;

	/* Bit mask of WBC_AUTH_PARAM_FLAGS_* values. */
	uint32_t flags;

	/* Bit mask of WBC_MSV1_0_* values. */
	uint32_t parameter_control;

	/* Form of the credential held in `password`. */
	enum wbcAuthUserLevel {
		WBC_AUTH_USER_LEVEL_PLAIN    = 1,
		WBC_AUTH_USER_LEVEL_HASH     = 2,
		WBC_AUTH_USER_LEVEL_RESPONSE = 3
	} level;

	union {
		/* Password as a C string. */
		const char *plaintext;

		/* Two 16-byte hashes. */
		struct {
			uint8_t nt_hash[16];
			uint8_t lm_hash[16];
		} hash;

		/*
		 * 8-byte challenge plus two length/pointer pairs.
		 * NOTE(review): nt_length and lm_length presumably give the
		 * byte counts of nt_data and lm_data; they must never exceed
		 * the buffers actually supplied - confirm.
		 */
		struct {
			uint8_t challenge[8];
			uint32_t nt_length;
			uint8_t *nt_data;
			uint32_t lm_length;
			uint8_t *lm_data;
		} response;
	} password;
};
/*
 * wbcAuthUserParams->parameter_control
 *
 * NOTE(review): judging by their names, CLEARTEXT_PASSWORD_ALLOWED and the
 * two ALLOW_*_TRUST_ACCOUNT bits widen what a logon request accepts. Set
 * them only where the caller needs that, and confirm the exact semantics.
 */
#define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED       0x00000002
#define WBC_MSV1_0_UPDATE_LOGON_STATISTICS          0x00000004
#define WBC_MSV1_0_RETURN_USER_PARAMETERS           0x00000008
#define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT       0x00000020
#define WBC_MSV1_0_RETURN_PROFILE_PATH              0x00000200
#define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT  0x00000800

/* wbcAuthUserParams->flags */
#define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON      0x00000001
/**
 * @brief Auth User Information
 *
 * Some of the strings may be NULL, so check each one before use.
 *
 * user_session_key and lm_session_key are key material: keep them out of
 * logs and wipe copies that are no longer needed.
 *
 * NOTE(review): the epoch and unit of the uint64_t time fields are not
 * stated in this header; confirm them before comparing against time() in
 * expiry or lockout decisions.
 **/
struct wbcAuthUserInfo {
	/* Bit mask of WBC_AUTH_USER_INFO_* values. */
	uint32_t user_flags;

	char *account_name;
	char *user_principal;
	char *full_name;
	char *domain_name;
	char *dns_domain_name;

	/* Bit mask of WBC_ACB_* values. */
	uint32_t acct_flags;

	uint8_t user_session_key[16];
	uint8_t lm_session_key[8];

	uint16_t logon_count;
	uint16_t bad_password_count;

	uint64_t logon_time;
	uint64_t logoff_time;
	uint64_t kickoff_time;
	uint64_t pass_last_set_time;
	uint64_t pass_can_change_time;
	uint64_t pass_must_change_time;

	char *logon_server;
	char *logon_script;
	char *profile_path;
	char *home_directory;
	char *home_drive;

	/*
	 * sids[0] is the account sid,
	 * sids[1] is the primary_group sid,
	 * followed by the rest of the groups.
	 *
	 * Check num_sids before indexing: reading sids[0] or sids[1]
	 * needs num_sids >= 1 or >= 2 respectively.
	 */
	uint32_t num_sids;
	struct wbcSidWithAttr *sids;
};
/*
 * wbcAuthUserInfo->user_flags
 *
 * NOTE(review): going by the names, GUEST, CACHED_ACCOUNT, NOENCRYPTION and
 * USED_LM_PASSWORD describe how a logon was satisfied. Code that makes
 * authorization decisions from a successful result should look at these
 * bits too, not only at the status code - confirm the exact semantics.
 */
#define WBC_AUTH_USER_INFO_GUEST                  0x00000001
#define WBC_AUTH_USER_INFO_NOENCRYPTION           0x00000002
#define WBC_AUTH_USER_INFO_CACHED_ACCOUNT         0x00000004
#define WBC_AUTH_USER_INFO_USED_LM_PASSWORD       0x00000008
#define WBC_AUTH_USER_INFO_EXTRA_SIDS             0x00000020
#define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY    0x00000040
#define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT   0x00000080
#define WBC_AUTH_USER_INFO_NTLMV2_ENABLED         0x00000100
#define WBC_AUTH_USER_INFO_RESOURCE_GROUPS        0x00000200
#define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED  0x00000400
#define WBC_AUTH_USER_INFO_GRACE_LOGON            0x01000000
/*
 * wbcAuthUserInfo->acct_flags
 *
 * Each description states what the bit means when it is set. Several of
 * these (password not required, DES key only, preauth not required,
 * trusted for delegation) describe accounts with weakened protection and
 * are worth surfacing when account state is audited.
 */
#define WBC_ACB_DISABLED                0x00000001 /* User account disabled */
#define WBC_ACB_HOMDIRREQ               0x00000002 /* Home directory required */
#define WBC_ACB_PWNOTREQ                0x00000004 /* User password not required */
#define WBC_ACB_TEMPDUP                 0x00000008 /* Temporary duplicate account */
#define WBC_ACB_NORMAL                  0x00000010 /* Normal user account */
#define WBC_ACB_MNS                     0x00000020 /* MNS logon user account */
#define WBC_ACB_DOMTRUST                0x00000040 /* Interdomain trust account */
#define WBC_ACB_WSTRUST                 0x00000080 /* Workstation trust account */
#define WBC_ACB_SVRTRUST                0x00000100 /* Server trust account */
#define WBC_ACB_PWNOEXP                 0x00000200 /* User password does not expire */
#define WBC_ACB_AUTOLOCK                0x00000400 /* Account auto locked */
#define WBC_ACB_ENC_TXT_PWD_ALLOWED     0x00000800 /* Encrypted text password is allowed */
#define WBC_ACB_SMARTCARD_REQUIRED      0x00001000 /* Smart Card required */
#define WBC_ACB_TRUSTED_FOR_DELEGATION  0x00002000 /* Trusted for Delegation */
#define WBC_ACB_NOT_DELEGATED           0x00004000 /* Not delegated */
#define WBC_ACB_USE_DES_KEY_ONLY        0x00008000 /* Use DES key only */
#define WBC_ACB_DONT_REQUIRE_PREAUTH    0x00010000 /* Preauth not required */
#define WBC_ACB_PW_EXPIRED              0x00020000 /* Password Expired */
#define WBC_ACB_NO_AUTH_DATA_REQD       0x00080000 /* No authorization data required */
/*
 * Error details; wbcAuthenticateUserEx() takes a pointer to a pointer to
 * this struct as its `error` argument.
 *
 * NOTE(review): the two strings presumably explain why a logon failed.
 * Be deliberate about how much of that is shown to an unauthenticated
 * user as opposed to being written to a log.
 */
struct wbcAuthErrorInfo {
	/* presumably an NT status value - confirm */
	uint32_t nt_status;
	/* presumably the string form of nt_status - confirm */
	char *nt_string;
	/* Signed; presumably the matching PAM error code - confirm */
	int32_t pam_error;
	/* presumably a message meant for display - confirm */
	char *display_string;
};
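/*
 * Memory Management
 */

/*
 * NOTE(review): presumably releases memory that the wbc* calls hand back
 * through pointer-to-pointer arguments. This header does not say which
 * results qualify, so confirm per function and do not mix with free().
 */
void wbcFreeMemory(void *p);

/*
 * Utility functions for dealing with SIDs
 */

/*
 * Convert between the binary and string forms of a SID.
 * NOTE(review): *sid_string is presumably allocated by the library -
 * confirm how it must be released. Check the wbcErr result before reading
 * either output.
 */
wbcErr wbcSidToString(const struct wbcDomainSid *sid,
		      char **sid_string);

wbcErr wbcStringToSid(const char *sid_string,
		      struct wbcDomainSid *sid);

/* Takes no arguments; presumably checks that winbind answers - confirm. */
wbcErr wbcPing(void);

/* Hands back a struct wbcInterfaceDetails through *details. */
wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details);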
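/*
 * Name/SID conversion
 *
 * Every function reports its outcome as a wbcErr; outputs should only be
 * read after WBC_ERROR_IS_OK() holds for the result.
 * NOTE(review): how the pointer-to-pointer outputs must be released is not
 * stated in this header - confirm.
 */

/* Name to SID: writes the SID into *sid and its type into *name_type. */
wbcErr wbcLookupName(const char *dom_name,
		     const char *name,
		     struct wbcDomainSid *sid,
		     enum wbcSidType *name_type);

/* SID to name: hands back domain and name strings plus the SID type. */
wbcErr wbcLookupSid(const struct wbcDomainSid *sid,
		    char **domain,
		    char **name,
		    enum wbcSidType **name_type_unused_placeholder_do_not_apply);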
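/*
 * SID/uid/gid Mappings
 *
 * Read *puid, *pgid or *sid only after WBC_ERROR_IS_OK() holds for the
 * result: an id taken from an output that was never written could name
 * the wrong account.
 */

wbcErr wbcSidToUid(const struct wbcDomainSid *sid,
		   uid_t *puid);

wbcErr wbcUidToSid(uid_t uid,
		   struct wbcDomainSid *sid);

wbcErr wbcSidToGid(const struct wbcDomainSid *sid,
		   gid_t *pgid);

wbcErr wbcGidToSid(gid_t gid,
		   struct wbcDomainSid *sid);

/* presumably obtain a new, unused uid / gid - confirm */
wbcErr wbcAllocateUid(uid_t *puid);

wbcErr wbcAllocateGid(gid_t *pgid);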
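/*
 * NSS Lookup User/Group details
 *
 * The names follow the libc getpw and getgr families, but results come
 * back through a pointer-to-pointer argument and the status as a wbcErr.
 * NOTE(review): how *pwd, *grp and *_groups must be released is not stated
 * in this header - confirm. The set/get/end functions take no handle, so
 * the enumeration position is presumably shared state - confirm before
 * using them from more than one thread.
 */

wbcErr wbcGetpwnam(const char *name, struct passwd **pwd);

wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd);

wbcErr wbcGetgrnam(const char *name, struct group **grp);

wbcErr wbcGetgrgid(gid_t gid, struct group **grp);

wbcErr wbcSetpwent(void);

wbcErr wbcEndpwent(void);

wbcErr wbcGetpwent(struct passwd **pwd);

wbcErr wbcSetgrent(void);

wbcErr wbcEndgrent(void);

wbcErr wbcGetgrent(struct group **grp);

/* Hands back *num_groups gids for `account` through *_groups. */
wbcErr wbcGetGroups(const char *account,
		    uint32_t *num_groups,
		    gid_t **_groups);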
/*
 * Lookup Domain information
 */

/*
 * Hands back a struct wbcDomainInfo for `domain` through *info.
 * NOTE(review): how *info must be released is not stated in this header -
 * confirm.
 */
wbcErr wbcDomainInfo(const char *domain,
		     struct wbcDomainInfo **info);
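/*
 * Authenticate functions
 */

/*
 * Authenticate `username` with `password`, both passed as C strings.
 *
 * The wbcErr result is the only output: treat every result for which
 * WBC_ERROR_IS_OK() is false as "not authenticated". Keep the password in
 * memory no longer than needed and wipe the caller's copy after the call.
 */
wbcErr wbcAuthenticateUser(const char *username,
			   const char *password);

/*
 * Authenticate with the request described by *params.
 *
 * params: request; params->level records which credential form is held in
 *         params->password.
 * info:   receives a struct wbcAuthUserInfo, which carries session keys.
 * error:  receives a struct wbcAuthErrorInfo.
 *
 * NOTE(review): this header does not state on which paths *info and *error
 * are written, nor how they must be released. Initialise both to NULL
 * before the call, check the wbcErr result first, and confirm the release
 * rule against the implementation.
 */
wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params,
			     struct wbcAuthUserInfo **info,
			     struct wbcAuthErrorInfo **error);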
# endif /* _WBCLIENT_H */