1/* 2 Unix SMB/CIFS implementation. 3 4 Winbind daemon for ntdom nss module 5 6 Copyright (C) Tim Potter 2000 7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003 8 9 This library is free software; you can redistribute it and/or 10 modify it under the terms of the GNU Library General Public 11 License as published by the Free Software Foundation; either 12 version 2 of the License, or (at your option) any later version. 13 14 This library is distributed in the hope that it will be useful, 15 but WITHOUT ANY WARRANTY; without even the implied warranty of 16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 17 Library General Public License for more details. 18 19 You should have received a copy of the GNU Library General Public 20 License along with this library; if not, write to the 21 Free Software Foundation, Inc., 59 Temple Place - Suite 330, 22 Boston, MA 02111-1307, USA. 23*/ 24 25#ifndef _WINBINDD_H 26#define _WINBINDD_H 27 28#include "nterr.h" 29 30#include "winbindd_nss.h" 31 32#ifdef HAVE_LIBNSCD 33#include "libnscd.h" 34#endif 35 36#ifdef HAVE_SYS_MMAN_H 37#include <sys/mman.h> 38#endif 39 40#undef DBGC_CLASS 41#define DBGC_CLASS DBGC_WINBIND 42 43#define WB_REPLACE_CHAR '_' 44 45/* bits for fd_event.flags */ 46#define EVENT_FD_READ 1 47#define EVENT_FD_WRITE 2 48 49struct fd_event { 50 struct fd_event *next, *prev; 51 int fd; 52 int flags; /* see EVENT_FD_* flags */ 53 void (*handler)(struct fd_event *fde, int flags); 54 void *data; 55 size_t length, done; 56 void (*finished)(void *private_data, BOOL success); 57 void *private_data; 58}; 59 60struct sid_ctr { 61 DOM_SID *sid; 62 BOOL finished; 63 const char *domain; 64 const char *name; 65 enum lsa_SidType type; 66}; 67 68struct winbindd_cli_state { 69 struct winbindd_cli_state *prev, *next; /* Linked list pointers */ 70 int sock; /* Open socket from client */ 71 struct fd_event fd_event; 72 pid_t pid; /* pid of client */ 73 BOOL finished; /* Can delete from list */ 74 BOOL write_extra_data; /* Write extra_data field */ 75 time_t last_access; /* Time of last access (read or write) */ 76 BOOL privileged; /* Is the client 'privileged' */ 77 78 TALLOC_CTX *mem_ctx; /* memory per request */ 79 struct winbindd_request request; /* Request from client */ 80 struct winbindd_response response; /* Respose to client */ 81 BOOL getpwent_initialized; /* Has getpwent_state been 82 * initialized? */ 83 BOOL getgrent_initialized; /* Has getgrent_state been 84 * initialized? */ 85 struct getent_state *getpwent_state; /* State for getpwent() */ 86 struct getent_state *getgrent_state; /* State for getgrent() */ 87}; 88 89/* State between get{pw,gr}ent() calls */ 90 91struct getent_state { 92 struct getent_state *prev, *next; 93 void *sam_entries; 94 uint32 sam_entry_index, num_sam_entries; 95 BOOL got_sam_entries; 96 fstring domain_name; 97}; 98 99/* Storage for cached getpwent() user entries */ 100 101struct getpwent_user { 102 fstring name; /* Account name */ 103 fstring gecos; /* User information */ 104 fstring homedir; /* User Home Directory */ 105 fstring shell; /* User Login Shell */ 106 DOM_SID user_sid; /* NT user and primary group SIDs */ 107 DOM_SID group_sid; 108}; 109 110/* Server state structure */ 111 112typedef struct { 113 char *acct_name; 114 char *full_name; 115 char *homedir; 116 char *shell; 117 gid_t primary_gid; /* allow the nss_info 118 backend to set the primary group */ 119 DOM_SID user_sid; /* NT user and primary group SIDs */ 120 DOM_SID group_sid; 121} WINBIND_USERINFO; 122 123/* Our connection to the DC */ 124 125struct winbindd_cm_conn { 126 struct cli_state *cli; 127 128 struct rpc_pipe_client *samr_pipe; 129 POLICY_HND sam_connect_handle, sam_domain_handle; 130 131 struct rpc_pipe_client *lsa_pipe; 132 POLICY_HND lsa_policy; 133 134 struct rpc_pipe_client *netlogon_pipe; 135}; 136 137struct winbindd_async_request; 138 139/* Async child */ 140 141struct winbindd_child { 142 struct winbindd_child *next, *prev; 143 144 pid_t pid; 145 struct winbindd_domain *domain; 146 pstring logfilename; 147 148 struct fd_event event; 149 struct timed_event *lockout_policy_event; 150 struct winbindd_async_request *requests; 151}; 152 153/* Structures to hold per domain information */ 154 155struct winbindd_domain { 156 fstring name; /* Domain name */ 157 fstring alt_name; /* alt Domain name (if any) */ 158 fstring forest_name; /* Name of the AD forest we're in */ 159 DOM_SID sid; /* SID for this domain */ 160 BOOL initialized; /* Did we already ask for the domain mode? */ 161 BOOL native_mode; /* is this a win2k domain in native mode ? */ 162 BOOL active_directory; /* is this a win2k active directory ? */ 163 BOOL primary; /* is this our primary domain ? */ 164 BOOL internal; /* BUILTIN and member SAM */ 165 BOOL online; /* is this domain available ? */ 166 time_t startup_time; /* When we set "startup" true. */ 167 BOOL startup; /* are we in the first 30 seconds after startup_time ? */ 168 169 /* Lookup methods for this domain (LDAP or RPC) */ 170 struct winbindd_methods *methods; 171 172 /* the backend methods are used by the cache layer to find the right 173 backend */ 174 struct winbindd_methods *backend; 175 176 /* Private data for the backends (used for connection cache) */ 177 178 void *private_data; 179 180 /* A working DC */ 181 fstring dcname; 182 struct sockaddr_in dcaddr; 183 184 /* Sequence number stuff */ 185 186 time_t last_seq_check; 187 uint32 sequence_number; 188 NTSTATUS last_status; 189 190 /* The smb connection */ 191 192 struct winbindd_cm_conn conn; 193 194 /* The child pid we're talking to */ 195 196 struct winbindd_child child; 197 198 /* Callback we use to try put us back online. */ 199 200 uint32 check_online_timeout; 201 struct timed_event *check_online_event; 202 203 /* Linked list info */ 204 205 struct winbindd_domain *prev, *next; 206}; 207 208/* per-domain methods. This is how LDAP vs RPC is selected 209 */ 210struct winbindd_methods { 211 /* does this backend provide a consistent view of the data? (ie. is the primary group 212 always correct) */ 213 BOOL consistent; 214 215 /* get a list of users, returning a WINBIND_USERINFO for each one */ 216 NTSTATUS (*query_user_list)(struct winbindd_domain *domain, 217 TALLOC_CTX *mem_ctx, 218 uint32 *num_entries, 219 WINBIND_USERINFO **info); 220 221 /* get a list of domain groups */ 222 NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain, 223 TALLOC_CTX *mem_ctx, 224 uint32 *num_entries, 225 struct acct_info **info); 226 227 /* get a list of domain local groups */ 228 NTSTATUS (*enum_local_groups)(struct winbindd_domain *domain, 229 TALLOC_CTX *mem_ctx, 230 uint32 *num_entries, 231 struct acct_info **info); 232 233 /* convert one user or group name to a sid */ 234 NTSTATUS (*name_to_sid)(struct winbindd_domain *domain, 235 TALLOC_CTX *mem_ctx, 236 const char *domain_name, 237 const char *name, 238 DOM_SID *sid, 239 enum lsa_SidType *type); 240 241 /* convert a sid to a user or group name */ 242 NTSTATUS (*sid_to_name)(struct winbindd_domain *domain, 243 TALLOC_CTX *mem_ctx, 244 const DOM_SID *sid, 245 char **domain_name, 246 char **name, 247 enum lsa_SidType *type); 248 249 NTSTATUS (*rids_to_names)(struct winbindd_domain *domain, 250 TALLOC_CTX *mem_ctx, 251 const DOM_SID *domain_sid, 252 uint32 *rids, 253 size_t num_rids, 254 char **domain_name, 255 char ***names, 256 enum lsa_SidType **types); 257 258 /* lookup user info for a given SID */ 259 NTSTATUS (*query_user)(struct winbindd_domain *domain, 260 TALLOC_CTX *mem_ctx, 261 const DOM_SID *user_sid, 262 WINBIND_USERINFO *user_info); 263 264 /* lookup all groups that a user is a member of. The backend 265 can also choose to lookup by username or rid for this 266 function */ 267 NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain, 268 TALLOC_CTX *mem_ctx, 269 const DOM_SID *user_sid, 270 uint32 *num_groups, DOM_SID **user_gids); 271 272 /* Lookup all aliases that the sids delivered are member of. This is 273 * to implement 'domain local groups' correctly */ 274 NTSTATUS (*lookup_useraliases)(struct winbindd_domain *domain, 275 TALLOC_CTX *mem_ctx, 276 uint32 num_sids, 277 const DOM_SID *sids, 278 uint32 *num_aliases, 279 uint32 **alias_rids); 280 281 /* find all members of the group with the specified group_rid */ 282 NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain, 283 TALLOC_CTX *mem_ctx, 284 const DOM_SID *group_sid, 285 uint32 *num_names, 286 DOM_SID **sid_mem, char ***names, 287 uint32 **name_types); 288 289 /* return the current global sequence number */ 290 NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq); 291 292 /* return the lockout policy */ 293 NTSTATUS (*lockout_policy)(struct winbindd_domain *domain, 294 TALLOC_CTX *mem_ctx, 295 SAM_UNK_INFO_12 *lockout_policy); 296 297 /* return the lockout policy */ 298 NTSTATUS (*password_policy)(struct winbindd_domain *domain, 299 TALLOC_CTX *mem_ctx, 300 SAM_UNK_INFO_1 *password_policy); 301 302 /* enumerate trusted domains */ 303 NTSTATUS (*trusted_domains)(struct winbindd_domain *domain, 304 TALLOC_CTX *mem_ctx, 305 uint32 *num_domains, 306 char ***names, 307 char ***alt_names, 308 DOM_SID **dom_sids); 309}; 310 311/* Used to glue a policy handle and cli_state together */ 312 313typedef struct { 314 struct cli_state *cli; 315 POLICY_HND pol; 316} CLI_POLICY_HND; 317 318/* Filled out by IDMAP backends */ 319struct winbindd_idmap_methods { 320 /* Called when backend is first loaded */ 321 BOOL (*init)(void); 322 323 BOOL (*get_sid_from_uid)(uid_t uid, DOM_SID *sid); 324 BOOL (*get_sid_from_gid)(gid_t gid, DOM_SID *sid); 325 326 BOOL (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid); 327 BOOL (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid); 328 329 /* Called when backend is unloaded */ 330 BOOL (*close)(void); 331 /* Called to dump backend status */ 332 void (*status)(void); 333}; 334 335#include "nsswitch/winbindd_proto.h" 336 337#define WINBINDD_ESTABLISH_LOOP 30 338#define WINBINDD_RESCAN_FREQ 300 339#define WINBINDD_PAM_AUTH_KRB5_RENEW_TIME 2592000 /* one month */ 340#define DOM_SEQUENCE_NONE ((uint32)-1) 341 342#endif /* _WINBINDD_H */ 343