/*
   Unix SMB/CIFS implementation.

   Winbind daemon for ntdom nss module

   Copyright (C) Tim Potter 2000

   This library is free software; you can redistribute it and/or
   modify it under the terms of the GNU Library General Public
   License as published by the Free Software Foundation; either
   version 2 of the License, or (at your option) any later version.

   This library is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
   Library General Public License for more details.

   You should have received a copy of the GNU Library General Public
   License along with this library; if not, write to the
   Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA  02111-1307, USA.
*/

/*
 * This header declares the request/response interface between winbindd
 * and its clients: the socket location, the command numbers, and the
 * two structures carried for each request and reply.  The declaration
 * order and field order below ARE the interface; see
 * WINBIND_INTERFACE_VERSION.
 */

/*
 * Free x and reset it to NULL, so a second SAFE_FREE on the same
 * variable does nothing.  x is expanded three times and is not
 * parenthesised: pass a plain pointer lvalue with no side effects.
 */
#ifndef SAFE_FREE
#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
#endif

#ifndef _WINBINDD_NTDOM_H
#define _WINBINDD_NTDOM_H

/*
 * NOTE(review): WINBINDD_SOCKET_DIR is a fixed path under /tmp, which is
 * normally world-writable, so another local user could create this
 * directory first.  Code that connects to or binds the socket should
 * check the owner and mode of the directory and of the socket before
 * trusting the peer -- confirm that the client and the daemon both do.
 */
#define WINBINDD_SOCKET_NAME "pipe"            /* Name of PF_UNIX socket */
#define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"  /* Name of PF_UNIX dir */
#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
/*
 * NOTE(review): the two names below are environment variable names;
 * presumably they are read from the client's environment, which the
 * invoking user controls -- verify how privileged callers treat them.
 */
#define WINBINDD_DOMAIN_ENV  "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV    "_NO_WINBINDD"

/* Update this when you change the interface.  That includes adding,
   removing or reordering enum winbindd_cmd values and changing any
   field of struct winbindd_request or struct winbindd_response. */

#define WINBIND_INTERFACE_VERSION 9

/* Socket commands */

/*
 * The enumerators carry no explicit values, so each command number is
 * its position in this list, starting at 0.  Inserting or removing an
 * entry renumbers every later command.  A receiver should reject any
 * cmd value outside 0 .. WINBINDD_NUM_CMDS-1 before dispatching on it.
 */
enum winbindd_cmd {

	WINBINDD_INTERFACE_VERSION,    /* Always a well known value */

	/* Get users and groups */

	WINBINDD_GETPWNAM,
	WINBINDD_GETPWUID,
	WINBINDD_GETGRNAM,
	WINBINDD_GETGRGID,
	WINBINDD_GETGROUPS,

	/* Enumerate users and groups */

	WINBINDD_SETPWENT,
	WINBINDD_ENDPWENT,
	WINBINDD_GETPWENT,
	WINBINDD_SETGRENT,
	WINBINDD_ENDGRENT,
	WINBINDD_GETGRENT,

	/* PAM authenticate and password change */

	WINBINDD_PAM_AUTH,
	WINBINDD_PAM_AUTH_CRAP,
	WINBINDD_PAM_CHAUTHTOK,

	/* List various things */

	WINBINDD_LIST_USERS,         /* List w/o rid->id mapping */
	WINBINDD_LIST_GROUPS,        /* Ditto */
	WINBINDD_LIST_TRUSTDOM,

	/* SID conversion */

	WINBINDD_LOOKUPSID,
	WINBINDD_LOOKUPNAME,

	/* Lookup functions */

	WINBINDD_SID_TO_UID,
	WINBINDD_SID_TO_GID,
	WINBINDD_UID_TO_SID,
	WINBINDD_GID_TO_SID,

	/* Miscellaneous other stuff */

	WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */
	WINBINDD_PING,              /* Just tell me winbind is running */
	WINBINDD_INFO,              /* Various bits of info.  Currently just tidbits */
	WINBINDD_DOMAIN_NAME,       /* The domain this winbind server is a member of (lp_workgroup()) */

	WINBINDD_DOMAIN_INFO,	/* Most of what we know from
				   struct winbindd_domain */

	WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */

	/* WINS commands */

	WINBINDD_WINS_BYIP,
	WINBINDD_WINS_BYNAME,

	/* account management commands */

	/* NOTE(review): these modify accounts and groups; which callers may
	   issue them is not visible in this header -- confirm the daemon
	   restricts them. */
	WINBINDD_CREATE_USER,
	WINBINDD_CREATE_GROUP,
	WINBINDD_ADD_USER_TO_GROUP,
	WINBINDD_REMOVE_USER_FROM_GROUP,
	WINBINDD_SET_USER_PRIMARY_GROUP,
	WINBINDD_DELETE_USER,
	WINBINDD_DELETE_GROUP,

	/* this is like GETGRENT but gives an empty group list */
	WINBINDD_GETGRLST,

	WINBINDD_NETBIOS_NAME,       /* The netbios name of the server */
	/* Placeholder for end of cmd list (stale: further commands follow;
	   the end marker is WINBINDD_NUM_CMDS) */

	/* find the location of our privileged pipe */
	WINBINDD_PRIV_PIPE_DIR,

	/* return a list of group sids for a user sid */
	WINBINDD_GETUSERSIDS,

	/* Number of commands above; must stay the last enumerator. */
	WINBINDD_NUM_CMDS
};

/*
 * passwd-style record returned for getpwnam/getpwuid (it is the `pw`
 * member of the response union).  fstring is declared outside this
 * header.
 */
typedef struct winbindd_pw {
	fstring pw_name;
	fstring pw_passwd;
	uid_t pw_uid;
	gid_t pw_gid;
	fstring pw_gecos;
	fstring pw_dir;
	fstring pw_shell;
} WINBINDD_PW;


/*
 * group-style record returned for getgrnam/getgrgid (the `gr` member of
 * the response union).
 *
 * NOTE(review): gr_mem is a raw pointer inside a structure that crosses
 * the socket, so the value received from the peer is not a usable
 * address in the receiving process; presumably the receiver rebuilds it
 * from gr_mem_ofs and the response's extra data -- confirm.  num_gr_mem
 * and gr_mem_ofs are signed ints supplied by the peer: check that they
 * are non-negative and lie within the received data before using them.
 */
typedef struct winbindd_gr {
	fstring gr_name;
	fstring gr_passwd;
	gid_t gr_gid;
	int num_gr_mem;
	int gr_mem_ofs;   /* offset to group membership */
	char **gr_mem;
} WINBINDD_GR;


/*
 * Bit values for winbindd_request.flags; each flag is a distinct bit.
 * NOTE(review): WBFLAG_PAM_NTKEY and WBFLAG_PAM_LMKEY presumably ask
 * for nt_session_key / first_8_lm_hash in the auth reply.  That is key
 * material; verify that the daemon only honours these flags for callers
 * entitled to it (e.g. on the 'privileged' pipe).
 */
#define WBFLAG_PAM_INFO3_NDR  		0x0001
#define WBFLAG_PAM_INFO3_TEXT 		0x0002
#define WBFLAG_PAM_NTKEY      		0x0004
#define WBFLAG_PAM_LMKEY      		0x0008
#define WBFLAG_PAM_CONTACT_TRUSTDOM 	0x0010
#define WBFLAG_QUERY_ONLY		0x0020
#define WBFLAG_ALLOCATE_RID		0x0040
#define WBFLAG_PAM_UNIX_NAME            0x0080

/* Winbind request structure */

/*
 * One request from a client.  Every field is filled in by the sender,
 * so the receiver has to treat all of it as untrusted input:
 *  - length and cmd should be validated before anything else is read;
 *  - pid is self-reported and nothing in this header authenticates it;
 *    do not base access decisions on it;
 *  - fstring members are not guaranteed to arrive NUL-terminated, so
 *    terminate them before passing them to string functions;
 *  - lm_resp_len / nt_resp_len must be checked against
 *    sizeof(lm_resp) / sizeof(nt_resp) before the buffers are read.
 */
struct winbindd_request {
	uint32 length;
	enum winbindd_cmd cmd;   /* Winbindd command to execute */
	pid_t pid;               /* pid of calling process */
	uint32 flags;            /* flags relevant to a given request */
	fstring domain_name;	/* name of domain for which the request applies */

	/* Which member is valid depends on cmd (see the per-member notes). */
	union {
		fstring winsreq;     /* WINS request */
		fstring username;    /* getpwnam */
		fstring groupname;   /* getgrnam */
		uid_t uid;           /* getpwuid, uid_to_sid */
		gid_t gid;           /* getgrgid, gid_to_sid */
		struct {
			/* We deliberately don't split into domain/user to
			   avoid having the client know what the separator
			   character is. */
			fstring user;
			/* NOTE(review): presumably the password as given to
			   PAM, i.e. cleartext -- clear the request buffer
			   after use on both ends. */
			fstring pass;
		} auth;              /* pam_winbind auth module */
		struct {
			unsigned char chal[8];
			fstring user;
			fstring domain;
			fstring lm_resp;
			uint16 lm_resp_len;   /* sender-supplied; bound by sizeof(lm_resp) */
			fstring nt_resp;
			uint16 nt_resp_len;   /* sender-supplied; bound by sizeof(nt_resp) */
			fstring workstation;
		} auth_crap;
		struct {
			fstring user;
			/* NOTE(review): presumably cleartext old and new
			   passwords -- clear after use. */
			fstring oldpass;
			fstring newpass;
		} chauthtok;         /* pam_winbind passwd module */
		fstring sid;         /* lookupsid, sid_to_[ug]id */
		struct {
			fstring dom_name;       /* lookupname */
			fstring name;
		} name;
		uint32 num_entries;  /* getpwent, getgrent */
		struct {
			fstring username;
			fstring groupname;
		} acct_mgt;
	} data;
	/* NOTE(review): presumably a guard byte the receiver sets to '\0'
	   so that reading an unterminated string in `data` stops at the
	   end of the structure -- confirm against the daemon. */
	char null_term;
};

/* Response values */

/* WINBINDD_ERROR is 0 and WINBINDD_OK is 1 (implicit enumerator values),
   so a zeroed response reads as an error. */
enum winbindd_result {
	WINBINDD_ERROR,
	WINBINDD_OK
};

/* Winbind response structure */

/*
 * One reply from the daemon: a fixed-size part (header plus union)
 * followed, for some commands, by variable-length data.  A client
 * should validate length before using it to size a read or an
 * allocation.
 */
struct winbindd_response {

	/* Header information */

	uint32 length;                        /* Length of response */
	enum winbindd_result result;          /* Result code */

	/* Fixed length return data */

	union {
		int interface_version;  /* Try to ensure this is always in the same spot... */

		fstring winsresp;		/* WINS response */

		/* getpwnam, getpwuid */

		struct winbindd_pw pw;

		/* getgrnam, getgrgid */

		struct winbindd_gr gr;

		uint32 num_entries; /* getpwent, getgrent */
		struct winbindd_sid {
			fstring sid;        /* lookupname, [ug]id_to_sid */
			int type;
		} sid;
		struct winbindd_name {
			fstring dom_name;       /* lookupsid */
			fstring name;
			int type;
		} name;
		uid_t uid;          /* sid_to_uid */
		gid_t gid;          /* sid_to_gid */
		struct winbindd_info {
			char winbind_separator;
			fstring samba_version;
		} info;
		fstring domain_name;
		fstring netbios_name;

		struct auth_reply {
			uint32 nt_status;
			fstring nt_status_string;
			fstring error_string;
			int pam_error;
			/* The two arrays below hold key/hash material;
			   clear the response buffer once they have been
			   consumed. */
			char nt_session_key[16];
			char first_8_lm_hash[8];
		} auth;
		uint32 rid;	/* create user or group */
		struct {
			fstring name;
			fstring alt_name;
			fstring sid;
			BOOL native_mode;
			BOOL active_directory;
			BOOL primary;
			uint32 sequence_number;
		} domain_info;
	} data;

	/* Variable length return data */

	/* NOTE(review): a raw pointer in a structure that crosses the
	   socket.  The value sent by the peer is not a valid address in
	   the receiver; presumably the receiver overwrites it with its own
	   buffer holding the bytes that follow the fixed part -- confirm,
	   and never dereference or free the received value. */
	void *extra_data;               /* getgrnam, getgrgid, getgrent */
};

#endif