1/*
2   Unix SMB/CIFS implementation.
3
4   Winbind daemon for ntdom nss module
5
6   Copyright (C) Tim Potter 2000
7
8   This library is free software; you can redistribute it and/or
9   modify it under the terms of the GNU Library General Public
10   License as published by the Free Software Foundation; either
11   version 2 of the License, or (at your option) any later version.
12
13   This library is distributed in the hope that it will be useful,
14   but WITHOUT ANY WARRANTY; without even the implied warranty of
15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
16   Library General Public License for more details.
17
18   You should have received a copy of the GNU Library General Public
19   License along with this library; if not, write to the
20   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
21   Boston, MA  02111-1307, USA.
22*/
23
24#ifndef SAFE_FREE
25#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
26#endif
27
28#ifndef _WINBINDD_NTDOM_H
29#define _WINBINDD_NTDOM_H
30
31#define WINBINDD_SOCKET_NAME "pipe"            /* Name of PF_UNIX socket */
32#define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"  /* Name of PF_UNIX dir */
33#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
34#define WINBINDD_DOMAIN_ENV  "WINBINDD_DOMAIN" /* Environment variables */
35#define WINBINDD_DONT_ENV    "_NO_WINBINDD"
36
37/* Update this when you change the interface.  */
38
39#define WINBIND_INTERFACE_VERSION 9
40
41/* Socket commands */
42
43enum winbindd_cmd {
44
45	WINBINDD_INTERFACE_VERSION,    /* Always a well known value */
46
47	/* Get users and groups */
48
49	WINBINDD_GETPWNAM,
50	WINBINDD_GETPWUID,
51	WINBINDD_GETGRNAM,
52	WINBINDD_GETGRGID,
53	WINBINDD_GETGROUPS,
54
55	/* Enumerate users and groups */
56
57	WINBINDD_SETPWENT,
58	WINBINDD_ENDPWENT,
59	WINBINDD_GETPWENT,
60	WINBINDD_SETGRENT,
61	WINBINDD_ENDGRENT,
62	WINBINDD_GETGRENT,
63
64	/* PAM authenticate and password change */
65
66	WINBINDD_PAM_AUTH,
67	WINBINDD_PAM_AUTH_CRAP,
68	WINBINDD_PAM_CHAUTHTOK,
69
70	/* List various things */
71
72	WINBINDD_LIST_USERS,         /* List w/o rid->id mapping */
73	WINBINDD_LIST_GROUPS,        /* Ditto */
74	WINBINDD_LIST_TRUSTDOM,
75
76	/* SID conversion */
77
78	WINBINDD_LOOKUPSID,
79	WINBINDD_LOOKUPNAME,
80
81	/* Lookup functions */
82
83	WINBINDD_SID_TO_UID,
84	WINBINDD_SID_TO_GID,
85	WINBINDD_UID_TO_SID,
86	WINBINDD_GID_TO_SID,
87
88	/* Miscellaneous other stuff */
89
90	WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */
91	WINBINDD_PING,              /* Just tell me winbind is running */
92	WINBINDD_INFO,              /* Various bit of info.  Currently just tidbits */
93	WINBINDD_DOMAIN_NAME,       /* The domain this winbind server is a member of (lp_workgroup()) */
94
95	WINBINDD_DOMAIN_INFO,	/* Most of what we know from
96				   struct winbindd_domain */
97
98	WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
99
100	/* WINS commands */
101
102	WINBINDD_WINS_BYIP,
103	WINBINDD_WINS_BYNAME,
104
105	/* account management commands */
106
107	WINBINDD_CREATE_USER,
108	WINBINDD_CREATE_GROUP,
109	WINBINDD_ADD_USER_TO_GROUP,
110	WINBINDD_REMOVE_USER_FROM_GROUP,
111	WINBINDD_SET_USER_PRIMARY_GROUP,
112	WINBINDD_DELETE_USER,
113	WINBINDD_DELETE_GROUP,
114
115	/* this is like GETGRENT but gives an empty group list */
116	WINBINDD_GETGRLST,
117
118	WINBINDD_NETBIOS_NAME,       /* The netbios name of the server */
119	/* Placeholder for end of cmd list */
120
121	/* find the location of our privileged pipe */
122	WINBINDD_PRIV_PIPE_DIR,
123
124	/* return a list of group sids for a user sid */
125	WINBINDD_GETUSERSIDS,
126
127	WINBINDD_NUM_CMDS
128};
129
130typedef struct winbindd_pw {
131	fstring pw_name;
132	fstring pw_passwd;
133	uid_t pw_uid;
134	gid_t pw_gid;
135	fstring pw_gecos;
136	fstring pw_dir;
137	fstring pw_shell;
138} WINBINDD_PW;
139
140
141typedef struct winbindd_gr {
142	fstring gr_name;
143	fstring gr_passwd;
144	gid_t gr_gid;
145	int num_gr_mem;
146	int gr_mem_ofs;   /* offset to group membership */
147	char **gr_mem;
148} WINBINDD_GR;
149
150
151#define WBFLAG_PAM_INFO3_NDR  		0x0001
152#define WBFLAG_PAM_INFO3_TEXT 		0x0002
153#define WBFLAG_PAM_NTKEY      		0x0004
154#define WBFLAG_PAM_LMKEY      		0x0008
155#define WBFLAG_PAM_CONTACT_TRUSTDOM 	0x0010
156#define WBFLAG_QUERY_ONLY		0x0020
157#define WBFLAG_ALLOCATE_RID		0x0040
158#define WBFLAG_PAM_UNIX_NAME            0x0080
159
160/* Winbind request structure */
161
162struct winbindd_request {
163	uint32 length;
164	enum winbindd_cmd cmd;   /* Winbindd command to execute */
165	pid_t pid;               /* pid of calling process */
166	uint32 flags;            /* flags relavant to a given request */
167	fstring domain_name;	/* name of domain for which the request applies */
168
169	union {
170		fstring winsreq;     /* WINS request */
171		fstring username;    /* getpwnam */
172		fstring groupname;   /* getgrnam */
173		uid_t uid;           /* getpwuid, uid_to_sid */
174		gid_t gid;           /* getgrgid, gid_to_sid */
175		struct {
176			/* We deliberatedly don't split into domain/user to
177                           avoid having the client know what the separator
178                           character is. */
179			fstring user;
180			fstring pass;
181		} auth;              /* pam_winbind auth module */
182                struct {
183                        unsigned char chal[8];
184                        fstring user;
185                        fstring domain;
186                        fstring lm_resp;
187                        uint16 lm_resp_len;
188                        fstring nt_resp;
189                        uint16 nt_resp_len;
190			fstring workstation;
191                } auth_crap;
192                struct {
193                    fstring user;
194                    fstring oldpass;
195                    fstring newpass;
196                } chauthtok;         /* pam_winbind passwd module */
197		fstring sid;         /* lookupsid, sid_to_[ug]id */
198		struct {
199			fstring dom_name;       /* lookupname */
200			fstring name;
201		} name;
202		uint32 num_entries;  /* getpwent, getgrent */
203		struct {
204			fstring username;
205			fstring groupname;
206		} acct_mgt;
207	} data;
208	char null_term;
209};
210
211/* Response values */
212
213enum winbindd_result {
214	WINBINDD_ERROR,
215	WINBINDD_OK
216};
217
218/* Winbind response structure */
219
220struct winbindd_response {
221
222	/* Header information */
223
224	uint32 length;                        /* Length of response */
225	enum winbindd_result result;          /* Result code */
226
227	/* Fixed length return data */
228
229	union {
230		int interface_version;  /* Try to ensure this is always in the same spot... */
231
232		fstring winsresp;		/* WINS response */
233
234		/* getpwnam, getpwuid */
235
236		struct winbindd_pw pw;
237
238		/* getgrnam, getgrgid */
239
240		struct winbindd_gr gr;
241
242		uint32 num_entries; /* getpwent, getgrent */
243		struct winbindd_sid {
244			fstring sid;        /* lookupname, [ug]id_to_sid */
245			int type;
246		} sid;
247		struct winbindd_name {
248			fstring dom_name;       /* lookupsid */
249			fstring name;
250			int type;
251		} name;
252		uid_t uid;          /* sid_to_uid */
253		gid_t gid;          /* sid_to_gid */
254		struct winbindd_info {
255			char winbind_separator;
256			fstring samba_version;
257		} info;
258		fstring domain_name;
259		fstring netbios_name;
260
261		struct auth_reply {
262			uint32 nt_status;
263			fstring nt_status_string;
264			fstring error_string;
265			int pam_error;
266			char nt_session_key[16];
267			char first_8_lm_hash[8];
268		} auth;
269		uint32 rid;	/* create user or group */
270		struct {
271			fstring name;
272			fstring alt_name;
273			fstring sid;
274			BOOL native_mode;
275			BOOL active_directory;
276			BOOL primary;
277			uint32 sequence_number;
278		} domain_info;
279	} data;
280
281	/* Variable length return data */
282
283	void *extra_data;               /* getgrnam, getgrgid, getgrent */
284};
285
286#endif
287