1 /* 2 Unix SMB/CIFS implementation. 3 4 Winbind client API 5 6 Copyright (C) Gerald (Jerry) Carter 2007 7 Copyright (C) Volker Lendecke 2009 8 Copyright (C) Matthew Newton 2015 9 10 This library is free software; you can redistribute it and/or 11 modify it under the terms of the GNU Lesser General Public 12 License as published by the Free Software Foundation; either 13 version 3 of the License, or (at your option) any later version. 14 15 This library is distributed in the hope that it will be useful, 16 but WITHOUT ANY WARRANTY; without even the implied warranty of 17 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 18 Library General Public License for more details. 19 20 You should have received a copy of the GNU Lesser General Public License 21 along with this program. If not, see <http://www.gnu.org/licenses/>. 22 */ 23 24 #ifndef _WBCLIENT_H 25 #define _WBCLIENT_H 26 27 #include <pwd.h> 28 #include <grp.h> 29 30 /* Define error types */ 31 32 /** 33 * @brief Status codes returned from wbc functions 34 **/ 35 36 enum _wbcErrType { 37 WBC_ERR_SUCCESS = 0, /**< Successful completion **/ 38 WBC_ERR_NOT_IMPLEMENTED,/**< Function not implemented **/ 39 WBC_ERR_UNKNOWN_FAILURE,/**< General failure **/ 40 WBC_ERR_NO_MEMORY, /**< Memory allocation error **/ 41 WBC_ERR_INVALID_SID, /**< Invalid SID format **/ 42 WBC_ERR_INVALID_PARAM, /**< An Invalid parameter was supplied **/ 43 WBC_ERR_WINBIND_NOT_AVAILABLE, /**< Winbind daemon is not available **/ 44 WBC_ERR_DOMAIN_NOT_FOUND, /**< Domain is not trusted or cannot be found **/ 45 WBC_ERR_INVALID_RESPONSE, /**< Winbind returned an invalid response **/ 46 WBC_ERR_NSS_ERROR, /**< NSS_STATUS error **/ 47 WBC_ERR_AUTH_ERROR, /**< Authentication failed **/ 48 WBC_ERR_UNKNOWN_USER, /**< User account cannot be found */ 49 WBC_ERR_UNKNOWN_GROUP, /**< Group account cannot be found */ 50 WBC_ERR_PWD_CHANGE_FAILED /**< Password Change has failed */ 51 }; 52 53 typedef enum _wbcErrType wbcErr; 54 55 #define WBC_ERROR_IS_OK(x) ((x) == WBC_ERR_SUCCESS) 56 57 const char *wbcErrorString(wbcErr error); 58 59 /** 60 * @brief Some useful details about the wbclient library 61 * 62 * 0.1: Initial version 63 * 0.2: Added wbcRemoveUidMapping() 64 * Added wbcRemoveGidMapping() 65 * 0.3: Added wbcGetpwsid() 66 * Added wbcGetSidAliases() 67 * 0.4: Added wbcSidTypeString() 68 * 0.5: Added wbcChangeTrustCredentials() 69 * 0.6: Made struct wbcInterfaceDetails char* members non-const 70 * 0.7: Added wbcSidToStringBuf() 71 * 0.8: Added wbcSidsToUnixIds() and wbcLookupSids() 72 * 0.9: Added support for WBC_ID_TYPE_BOTH 73 * 0.10: Added wbcPingDc2() 74 * 0.11: Extended wbcAuthenticateUserEx to provide PAC parsing 75 * 0.12: Added wbcCtxCreate and friends 76 * 0.13: Added wbcCtxUnixIdsToSids and wbcUnixIdsToSids 77 * 0.14: Added "authoritative" to wbcAuthErrorInfo 78 * Added WBC_SID_NAME_LABEL 79 * 0.15: Added wbcSetClientProcessName() 80 **/ 81 #define WBCLIENT_MAJOR_VERSION 0 82 #define WBCLIENT_MINOR_VERSION 15 83 #define WBCLIENT_VENDOR_VERSION "Samba libwbclient" 84 struct wbcLibraryDetails { 85 uint16_t major_version; 86 uint16_t minor_version; 87 const char *vendor_version; 88 }; 89 90 /** 91 * @brief Some useful details about the running winbindd 92 * 93 **/ 94 struct wbcInterfaceDetails { 95 uint32_t interface_version; 96 char *winbind_version; 97 char winbind_separator; 98 char *netbios_name; 99 char *netbios_domain; 100 char *dns_domain; 101 }; 102 103 /** 104 * @brief Library context data 105 * 106 **/ 107 108 struct wbcContext; 109 110 /* 111 * Data types used by the Winbind Client API 112 */ 113 114 #ifndef WBC_MAXSUBAUTHS 115 #define WBC_MAXSUBAUTHS 15 /* max sub authorities in a SID */ 116 #endif 117 118 /** 119 * @brief Windows Security Identifier 120 * 121 **/ 122 123 struct wbcDomainSid { 124 uint8_t sid_rev_num; 125 uint8_t num_auths; 126 uint8_t id_auth[6]; 127 uint32_t sub_auths[WBC_MAXSUBAUTHS]; 128 }; 129 130 /** 131 * @brief Security Identifier type 132 **/ 133 134 enum wbcSidType { 135 WBC_SID_NAME_USE_NONE=0, 136 WBC_SID_NAME_USER=1, 137 WBC_SID_NAME_DOM_GRP=2, 138 WBC_SID_NAME_DOMAIN=3, 139 WBC_SID_NAME_ALIAS=4, 140 WBC_SID_NAME_WKN_GRP=5, 141 WBC_SID_NAME_DELETED=6, 142 WBC_SID_NAME_INVALID=7, 143 WBC_SID_NAME_UNKNOWN=8, 144 WBC_SID_NAME_COMPUTER=9, 145 WBC_SID_NAME_LABEL=10 146 }; 147 148 /** 149 * @brief Security Identifier with attributes 150 **/ 151 152 struct wbcSidWithAttr { 153 struct wbcDomainSid sid; 154 uint32_t attributes; 155 }; 156 157 /* wbcSidWithAttr->attributes */ 158 159 #define WBC_SID_ATTR_GROUP_MANDATORY 0x00000001 160 #define WBC_SID_ATTR_GROUP_ENABLED_BY_DEFAULT 0x00000002 161 #define WBC_SID_ATTR_GROUP_ENABLED 0x00000004 162 #define WBC_SID_ATTR_GROUP_OWNER 0x00000008 163 #define WBC_SID_ATTR_GROUP_USEFOR_DENY_ONLY 0x00000010 164 #define WBC_SID_ATTR_GROUP_RESOURCE 0x20000000 165 #define WBC_SID_ATTR_GROUP_LOGON_ID 0xC0000000 166 167 /** 168 * @brief Windows GUID 169 * 170 **/ 171 172 struct wbcGuid { 173 uint32_t time_low; 174 uint16_t time_mid; 175 uint16_t time_hi_and_version; 176 uint8_t clock_seq[2]; 177 uint8_t node[6]; 178 }; 179 180 /** 181 * @brief Domain Information 182 **/ 183 184 struct wbcDomainInfo { 185 char *short_name; 186 char *dns_name; 187 struct wbcDomainSid sid; 188 uint32_t domain_flags; 189 uint32_t trust_flags; 190 uint32_t trust_type; 191 char *trust_routing; 192 }; 193 194 /* wbcDomainInfo->domain_flags */ 195 196 #define WBC_DOMINFO_DOMAIN_UNKNOWN 0x00000000 197 #define WBC_DOMINFO_DOMAIN_NATIVE 0x00000001 198 #define WBC_DOMINFO_DOMAIN_AD 0x00000002 199 #define WBC_DOMINFO_DOMAIN_PRIMARY 0x00000004 200 #define WBC_DOMINFO_DOMAIN_OFFLINE 0x00000008 201 202 /* wbcDomainInfo->trust_flags */ 203 204 #define WBC_DOMINFO_TRUST_TRANSITIVE 0x00000001 205 #define WBC_DOMINFO_TRUST_INCOMING 0x00000002 206 #define WBC_DOMINFO_TRUST_OUTGOING 0x00000004 207 208 /* wbcDomainInfo->trust_type */ 209 210 #define WBC_DOMINFO_TRUSTTYPE_NONE 0x00000000 211 #define WBC_DOMINFO_TRUSTTYPE_FOREST 0x00000001 212 #define WBC_DOMINFO_TRUSTTYPE_IN_FOREST 0x00000002 213 #define WBC_DOMINFO_TRUSTTYPE_EXTERNAL 0x00000003 214 #define WBC_DOMINFO_TRUSTTYPE_LOCAL 0x00000004 215 #define WBC_DOMINFO_TRUSTTYPE_WKSTA 0x00000005 216 #define WBC_DOMINFO_TRUSTTYPE_RWDC 0x00000006 217 #define WBC_DOMINFO_TRUSTTYPE_RODC 0x00000007 218 #define WBC_DOMINFO_TRUSTTYPE_PDC 0x00000008 219 220 221 /** 222 * @brief Generic Blob 223 **/ 224 225 struct wbcBlob { 226 uint8_t *data; 227 size_t length; 228 }; 229 230 /** 231 * @brief Named Blob 232 **/ 233 234 struct wbcNamedBlob { 235 const char *name; 236 uint32_t flags; 237 struct wbcBlob blob; 238 }; 239 240 /** 241 * @brief Auth User Parameters 242 **/ 243 244 struct wbcAuthUserParams { 245 const char *account_name; 246 const char *domain_name; 247 const char *workstation_name; 248 249 uint32_t flags; 250 251 uint32_t parameter_control; 252 253 enum wbcAuthUserLevel { 254 WBC_AUTH_USER_LEVEL_PLAIN = 1, 255 WBC_AUTH_USER_LEVEL_HASH = 2, 256 WBC_AUTH_USER_LEVEL_RESPONSE = 3, 257 WBC_AUTH_USER_LEVEL_PAC = 4 258 } level; 259 union { 260 const char *plaintext; 261 struct { 262 uint8_t nt_hash[16]; 263 uint8_t lm_hash[16]; 264 } hash; 265 struct { 266 uint8_t challenge[8]; 267 uint32_t nt_length; 268 uint8_t *nt_data; 269 uint32_t lm_length; 270 uint8_t *lm_data; 271 } response; 272 struct wbcBlob pac; 273 } password; 274 }; 275 276 /** 277 * @brief Logon User Parameters 278 **/ 279 280 struct wbcLogonUserParams { 281 const char *username; 282 const char *password; 283 size_t num_blobs; 284 struct wbcNamedBlob *blobs; 285 }; 286 287 /** 288 * @brief ChangePassword Parameters 289 **/ 290 291 struct wbcChangePasswordParams { 292 const char *account_name; 293 const char *domain_name; 294 295 uint32_t flags; 296 297 enum wbcChangePasswordLevel { 298 WBC_CHANGE_PASSWORD_LEVEL_PLAIN = 1, 299 WBC_CHANGE_PASSWORD_LEVEL_RESPONSE = 2 300 } level; 301 302 union { 303 const char *plaintext; 304 struct { 305 uint32_t old_nt_hash_enc_length; 306 uint8_t *old_nt_hash_enc_data; 307 uint32_t old_lm_hash_enc_length; 308 uint8_t *old_lm_hash_enc_data; 309 } response; 310 } old_password; 311 union { 312 const char *plaintext; 313 struct { 314 uint32_t nt_length; 315 uint8_t *nt_data; 316 uint32_t lm_length; 317 uint8_t *lm_data; 318 } response; 319 } new_password; 320 }; 321 322 /* wbcAuthUserParams->parameter_control */ 323 324 #define WBC_MSV1_0_CLEARTEXT_PASSWORD_ALLOWED 0x00000002 325 #define WBC_MSV1_0_UPDATE_LOGON_STATISTICS 0x00000004 326 #define WBC_MSV1_0_RETURN_USER_PARAMETERS 0x00000008 327 #define WBC_MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x00000020 328 #define WBC_MSV1_0_RETURN_PROFILE_PATH 0x00000200 329 #define WBC_MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x00000800 330 #define WBC_MSV1_0_ALLOW_MSVCHAPV2 0x00010000 331 332 /* wbcAuthUserParams->flags */ 333 334 #define WBC_AUTH_PARAM_FLAGS_INTERACTIVE_LOGON 0x00000001 335 336 /** 337 * @brief Auth User Information 338 * 339 * Some of the strings are maybe NULL 340 **/ 341 342 struct wbcAuthUserInfo { 343 uint32_t user_flags; 344 345 char *account_name; 346 char *user_principal; 347 char *full_name; 348 char *domain_name; 349 char *dns_domain_name; 350 351 uint32_t acct_flags; 352 uint8_t user_session_key[16]; 353 uint8_t lm_session_key[8]; 354 355 uint16_t logon_count; 356 uint16_t bad_password_count; 357 358 uint64_t logon_time; 359 uint64_t logoff_time; 360 uint64_t kickoff_time; 361 uint64_t pass_last_set_time; 362 uint64_t pass_can_change_time; 363 uint64_t pass_must_change_time; 364 365 char *logon_server; 366 char *logon_script; 367 char *profile_path; 368 char *home_directory; 369 char *home_drive; 370 371 /* 372 * the 1st one is the account sid 373 * the 2nd one is the primary_group sid 374 * followed by the rest of the groups 375 */ 376 uint32_t num_sids; 377 struct wbcSidWithAttr *sids; 378 }; 379 380 /** 381 * @brief Logon User Information 382 * 383 * Some of the strings are maybe NULL 384 **/ 385 386 struct wbcLogonUserInfo { 387 struct wbcAuthUserInfo *info; 388 size_t num_blobs; 389 struct wbcNamedBlob *blobs; 390 }; 391 392 /* wbcAuthUserInfo->user_flags */ 393 394 #define WBC_AUTH_USER_INFO_GUEST 0x00000001 395 #define WBC_AUTH_USER_INFO_NOENCRYPTION 0x00000002 396 #define WBC_AUTH_USER_INFO_CACHED_ACCOUNT 0x00000004 397 #define WBC_AUTH_USER_INFO_USED_LM_PASSWORD 0x00000008 398 #define WBC_AUTH_USER_INFO_EXTRA_SIDS 0x00000020 399 #define WBC_AUTH_USER_INFO_SUBAUTH_SESSION_KEY 0x00000040 400 #define WBC_AUTH_USER_INFO_SERVER_TRUST_ACCOUNT 0x00000080 401 #define WBC_AUTH_USER_INFO_NTLMV2_ENABLED 0x00000100 402 #define WBC_AUTH_USER_INFO_RESOURCE_GROUPS 0x00000200 403 #define WBC_AUTH_USER_INFO_PROFILE_PATH_RETURNED 0x00000400 404 #define WBC_AUTH_USER_INFO_GRACE_LOGON 0x01000000 405 406 /* wbcAuthUserInfo->acct_flags */ 407 408 #define WBC_ACB_DISABLED 0x00000001 /* 1 User account disabled */ 409 #define WBC_ACB_HOMDIRREQ 0x00000002 /* 1 Home directory required */ 410 #define WBC_ACB_PWNOTREQ 0x00000004 /* 1 User password not required */ 411 #define WBC_ACB_TEMPDUP 0x00000008 /* 1 Temporary duplicate account */ 412 #define WBC_ACB_NORMAL 0x00000010 /* 1 Normal user account */ 413 #define WBC_ACB_MNS 0x00000020 /* 1 MNS logon user account */ 414 #define WBC_ACB_DOMTRUST 0x00000040 /* 1 Interdomain trust account */ 415 #define WBC_ACB_WSTRUST 0x00000080 /* 1 Workstation trust account */ 416 #define WBC_ACB_SVRTRUST 0x00000100 /* 1 Server trust account */ 417 #define WBC_ACB_PWNOEXP 0x00000200 /* 1 User password does not expire */ 418 #define WBC_ACB_AUTOLOCK 0x00000400 /* 1 Account auto locked */ 419 #define WBC_ACB_ENC_TXT_PWD_ALLOWED 0x00000800 /* 1 Encryped text password is allowed */ 420 #define WBC_ACB_SMARTCARD_REQUIRED 0x00001000 /* 1 Smart Card required */ 421 #define WBC_ACB_TRUSTED_FOR_DELEGATION 0x00002000 /* 1 Trusted for Delegation */ 422 #define WBC_ACB_NOT_DELEGATED 0x00004000 /* 1 Not delegated */ 423 #define WBC_ACB_USE_DES_KEY_ONLY 0x00008000 /* 1 Use DES key only */ 424 #define WBC_ACB_DONT_REQUIRE_PREAUTH 0x00010000 /* 1 Preauth not required */ 425 #define WBC_ACB_PW_EXPIRED 0x00020000 /* 1 Password Expired */ 426 #define WBC_ACB_NO_AUTH_DATA_REQD 0x00080000 /* 1 = No authorization data required */ 427 428 struct wbcAuthErrorInfo { 429 uint32_t nt_status; 430 char *nt_string; 431 int32_t pam_error; 432 char *display_string; 433 uint8_t authoritative; 434 }; 435 436 /** 437 * @brief User Password Policy Information 438 **/ 439 440 /* wbcUserPasswordPolicyInfo->password_properties */ 441 442 #define WBC_DOMAIN_PASSWORD_COMPLEX 0x00000001 443 #define WBC_DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002 444 #define WBC_DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004 445 #define WBC_DOMAIN_PASSWORD_LOCKOUT_ADMINS 0x00000008 446 #define WBC_DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010 447 #define WBC_DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020 448 449 struct wbcUserPasswordPolicyInfo { 450 uint32_t min_length_password; 451 uint32_t password_history; 452 uint32_t password_properties; 453 uint64_t expire; 454 uint64_t min_passwordage; 455 }; 456 457 /** 458 * @brief Change Password Reject Reason 459 **/ 460 461 enum wbcPasswordChangeRejectReason { 462 WBC_PWD_CHANGE_NO_ERROR=0, 463 WBC_PWD_CHANGE_PASSWORD_TOO_SHORT=1, 464 WBC_PWD_CHANGE_PWD_IN_HISTORY=2, 465 WBC_PWD_CHANGE_USERNAME_IN_PASSWORD=3, 466 WBC_PWD_CHANGE_FULLNAME_IN_PASSWORD=4, 467 WBC_PWD_CHANGE_NOT_COMPLEX=5, 468 WBC_PWD_CHANGE_MACHINE_NOT_DEFAULT=6, 469 WBC_PWD_CHANGE_FAILED_BY_FILTER=7, 470 WBC_PWD_CHANGE_PASSWORD_TOO_LONG=8 471 }; 472 473 /* Note: this defines exist for compatibility reasons with existing code */ 474 #define WBC_PWD_CHANGE_REJECT_OTHER WBC_PWD_CHANGE_NO_ERROR 475 #define WBC_PWD_CHANGE_REJECT_TOO_SHORT WBC_PWD_CHANGE_PASSWORD_TOO_SHORT 476 #define WBC_PWD_CHANGE_REJECT_IN_HISTORY WBC_PWD_CHANGE_PWD_IN_HISTORY 477 #define WBC_PWD_CHANGE_REJECT_COMPLEXITY WBC_PWD_CHANGE_NOT_COMPLEX 478 479 /** 480 * @brief Logoff User Parameters 481 **/ 482 483 struct wbcLogoffUserParams { 484 const char *username; 485 size_t num_blobs; 486 struct wbcNamedBlob *blobs; 487 }; 488 489 /** @brief Credential cache log-on parameters 490 * 491 */ 492 493 struct wbcCredentialCacheParams { 494 const char *account_name; 495 const char *domain_name; 496 enum wbcCredentialCacheLevel { 497 WBC_CREDENTIAL_CACHE_LEVEL_NTLMSSP = 1 498 } level; 499 size_t num_blobs; 500 struct wbcNamedBlob *blobs; 501 }; 502 503 504 /** @brief Info returned by credential cache auth 505 * 506 */ 507 508 struct wbcCredentialCacheInfo { 509 size_t num_blobs; 510 struct wbcNamedBlob *blobs; 511 }; 512 513 /* 514 * DomainControllerInfo struct 515 */ 516 struct wbcDomainControllerInfo { 517 char *dc_name; 518 }; 519 520 /* 521 * DomainControllerInfoEx struct 522 */ 523 struct wbcDomainControllerInfoEx { 524 const char *dc_unc; 525 const char *dc_address; 526 uint16_t dc_address_type; 527 struct wbcGuid *domain_guid; 528 const char *domain_name; 529 const char *forest_name; 530 uint32_t dc_flags; 531 const char *dc_site_name; 532 const char *client_site_name; 533 }; 534 535 /********************************************************** 536 * Memory Management 537 **********************************************************/ 538 539 /** 540 * @brief Free library allocated memory 541 * 542 * @param * Pointer to free 543 * 544 * @return void 545 **/ 546 void wbcFreeMemory(void*); 547 548 549 /********************************************************** 550 * Context Management 551 **********************************************************/ 552 553 /** 554 * @brief Create a new wbcContext context 555 * 556 * @return wbcContext 557 **/ 558 struct wbcContext *wbcCtxCreate(void); 559 560 /** 561 * @brief Free a library context 562 * 563 * @param ctx wbcContext to free 564 * 565 * @return void 566 **/ 567 void wbcCtxFree(struct wbcContext *ctx); 568 569 570 571 /* 572 * Utility functions for dealing with SIDs 573 */ 574 575 /** 576 * @brief Get a string representation of the SID type 577 * 578 * @param type type of the SID 579 * 580 * @return string representation of the SID type 581 */ 582 const char* wbcSidTypeString(enum wbcSidType type); 583 584 #define WBC_SID_STRING_BUFLEN (15*11+25) 585 586 /* 587 * @brief Print a sid into a buffer 588 * 589 * @param sid Binary Security Identifier 590 * @param buf Target buffer 591 * @param buflen Target buffer length 592 * 593 * @return Resulting string length. 594 */ 595 int wbcSidToStringBuf(const struct wbcDomainSid *sid, char *buf, int buflen); 596 597 /** 598 * @brief Convert a binary SID to a character string 599 * 600 * @param sid Binary Security Identifier 601 * @param **sid_string Resulting character string 602 * 603 * @return #wbcErr 604 **/ 605 wbcErr wbcSidToString(const struct wbcDomainSid *sid, 606 char **sid_string); 607 608 /** 609 * @brief Convert a character string to a binary SID 610 * 611 * @param *sid_string Character string in the form of S-... 612 * @param sid Resulting binary SID 613 * 614 * @return #wbcErr 615 **/ 616 wbcErr wbcStringToSid(const char *sid_string, 617 struct wbcDomainSid *sid); 618 619 /* 620 * Utility functions for dealing with GUIDs 621 */ 622 623 /** 624 * @brief Convert a binary GUID to a character string 625 * 626 * @param guid Binary Guid 627 * @param **guid_string Resulting character string 628 * 629 * @return #wbcErr 630 **/ 631 wbcErr wbcGuidToString(const struct wbcGuid *guid, 632 char **guid_string); 633 634 /** 635 * @brief Convert a character string to a binary GUID 636 * 637 * @param *guid_string Character string 638 * @param guid Resulting binary GUID 639 * 640 * @return #wbcErr 641 **/ 642 wbcErr wbcStringToGuid(const char *guid_string, 643 struct wbcGuid *guid); 644 645 /** 646 * @brief Ping winbindd to see if the daemon is running 647 * 648 * @param *ctx wbclient Context 649 * 650 * @return #wbcErr 651 **/ 652 wbcErr wbcCtxPing(struct wbcContext *ctx); 653 654 /** 655 * @brief Ping winbindd to see if the daemon is running 656 * 657 * @return #wbcErr 658 **/ 659 wbcErr wbcPing(void); 660 661 wbcErr wbcLibraryDetails(struct wbcLibraryDetails **details); 662 663 wbcErr wbcCtxInterfaceDetails(struct wbcContext *ctx, 664 struct wbcInterfaceDetails **details); 665 wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details); 666 667 /********************************************************** 668 * Name/SID conversion 669 **********************************************************/ 670 671 /** 672 * @brief Convert a domain and name to SID 673 * 674 * @param *ctx wbclient Context 675 * @param dom_name Domain name (possibly "") 676 * @param name User or group name 677 * @param *sid Pointer to the resolved domain SID 678 * @param *name_type Pointer to the SID type 679 * 680 * @return #wbcErr 681 **/ 682 wbcErr wbcCtxLookupName(struct wbcContext *ctx, 683 const char *dom_name, 684 const char *name, 685 struct wbcDomainSid *sid, 686 enum wbcSidType *name_type); 687 688 /** 689 * @brief Convert a domain and name to SID 690 * 691 * @param dom_name Domain name (possibly "") 692 * @param name User or group name 693 * @param *sid Pointer to the resolved domain SID 694 * @param *name_type Pointer to the SID type 695 * 696 * @return #wbcErr 697 **/ 698 wbcErr wbcLookupName(const char *dom_name, 699 const char *name, 700 struct wbcDomainSid *sid, 701 enum wbcSidType *name_type); 702 703 /** 704 * @brief Convert a SID to a domain and name 705 * 706 * @param *ctx wbclient Context 707 * @param *sid Pointer to the domain SID to be resolved 708 * @param domain Resolved Domain name (possibly "") 709 * @param name Resolved User or group name 710 * @param *name_type Pointer to the resolved SID type 711 * 712 * @return #wbcErr 713 **/ 714 wbcErr wbcCtxLookupSid(struct wbcContext *ctx, 715 const struct wbcDomainSid *sid, 716 char **domain, 717 char **name, 718 enum wbcSidType *name_type); 719 720 /** 721 * @brief Convert a SID to a domain and name 722 * 723 * @param *sid Pointer to the domain SID to be resolved 724 * @param domain Resolved Domain name (possibly "") 725 * @param name Resolved User or group name 726 * @param *name_type Pointer to the resolved SID type 727 * 728 * @return #wbcErr 729 **/ 730 wbcErr wbcLookupSid(const struct wbcDomainSid *sid, 731 char **domain, 732 char **name, 733 enum wbcSidType *name_type); 734 735 struct wbcTranslatedName { 736 enum wbcSidType type; 737 char *name; 738 int domain_index; 739 }; 740 741 wbcErr wbcCtxLookupSids(struct wbcContext *ctx, 742 const struct wbcDomainSid *sids, int num_sids, 743 struct wbcDomainInfo **domains, int *num_domains, 744 struct wbcTranslatedName **names); 745 746 wbcErr wbcLookupSids(const struct wbcDomainSid *sids, int num_sids, 747 struct wbcDomainInfo **domains, int *num_domains, 748 struct wbcTranslatedName **names); 749 750 /** 751 * @brief Translate a collection of RIDs within a domain to names 752 */ 753 wbcErr wbcCtxLookupRids(struct wbcContext *ctx, 754 struct wbcDomainSid *dom_sid, 755 int num_rids, 756 uint32_t *rids, 757 const char **domain_name, 758 const char ***names, 759 enum wbcSidType **types); 760 761 /** 762 * @brief Translate a collection of RIDs within a domain to names 763 */ 764 wbcErr wbcLookupRids(struct wbcDomainSid *dom_sid, 765 int num_rids, 766 uint32_t *rids, 767 const char **domain_name, 768 const char ***names, 769 enum wbcSidType **types); 770 771 /* 772 * @brief Get the groups a user belongs to 773 **/ 774 wbcErr wbcCtxLookupUserSids(struct wbcContext *ctx, 775 const struct wbcDomainSid *user_sid, 776 bool domain_groups_only, 777 uint32_t *num_sids, 778 struct wbcDomainSid **sids); 779 780 /* 781 * @brief Get the groups a user belongs to 782 **/ 783 wbcErr wbcLookupUserSids(const struct wbcDomainSid *user_sid, 784 bool domain_groups_only, 785 uint32_t *num_sids, 786 struct wbcDomainSid **sids); 787 788 /* 789 * @brief Get alias membership for sids 790 **/ 791 wbcErr wbcCtxGetSidAliases(struct wbcContext *ctx, 792 const struct wbcDomainSid *dom_sid, 793 struct wbcDomainSid *sids, 794 uint32_t num_sids, 795 uint32_t **alias_rids, 796 uint32_t *num_alias_rids); 797 798 /* 799 * @brief Get alias membership for sids 800 **/ 801 wbcErr wbcGetSidAliases(const struct wbcDomainSid *dom_sid, 802 struct wbcDomainSid *sids, 803 uint32_t num_sids, 804 uint32_t **alias_rids, 805 uint32_t *num_alias_rids); 806 807 /** 808 * @brief Lists Users 809 **/ 810 wbcErr wbcCtxListUsers(struct wbcContext *ctx, 811 const char *domain_name, 812 uint32_t *num_users, 813 const char ***users); 814 815 /** 816 * @brief Lists Users 817 **/ 818 wbcErr wbcListUsers(const char *domain_name, 819 uint32_t *num_users, 820 const char ***users); 821 822 /** 823 * @brief Lists Groups 824 **/ 825 wbcErr wbcCtxListGroups(struct wbcContext *ctx, 826 const char *domain_name, 827 uint32_t *num_groups, 828 const char ***groups); 829 830 /** 831 * @brief Lists Groups 832 **/ 833 wbcErr wbcListGroups(const char *domain_name, 834 uint32_t *num_groups, 835 const char ***groups); 836 837 wbcErr wbcCtxGetDisplayName(struct wbcContext *ctx, 838 const struct wbcDomainSid *sid, 839 char **pdomain, 840 char **pfullname, 841 enum wbcSidType *pname_type); 842 843 wbcErr wbcGetDisplayName(const struct wbcDomainSid *sid, 844 char **pdomain, 845 char **pfullname, 846 enum wbcSidType *pname_type); 847 848 /********************************************************** 849 * SID/uid/gid Mappings 850 **********************************************************/ 851 852 /** 853 * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed 854 * 855 * @param *ctx wbclient Context 856 * @param *sid Pointer to the domain SID to be resolved 857 * @param *puid Pointer to the resolved uid_t value 858 * 859 * @return #wbcErr 860 * 861 **/ 862 wbcErr wbcCtxSidToUid(struct wbcContext *ctx, 863 const struct wbcDomainSid *sid, 864 uid_t *puid); 865 866 /** 867 * @brief Convert a Windows SID to a Unix uid, allocating an uid if needed 868 * 869 * @param *sid Pointer to the domain SID to be resolved 870 * @param *puid Pointer to the resolved uid_t value 871 * 872 * @return #wbcErr 873 * 874 **/ 875 wbcErr wbcSidToUid(const struct wbcDomainSid *sid, 876 uid_t *puid); 877 878 /** 879 * @brief Convert a Windows SID to a Unix uid if there already is a mapping 880 * 881 * @param *sid Pointer to the domain SID to be resolved 882 * @param *puid Pointer to the resolved uid_t value 883 * 884 * @return #wbcErr 885 * 886 **/ 887 wbcErr wbcQuerySidToUid(const struct wbcDomainSid *sid, 888 uid_t *puid); 889 890 /** 891 * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed 892 * 893 * @param *ctx wbclient Context 894 * @param uid Unix uid to be resolved 895 * @param *sid Pointer to the resolved domain SID 896 * 897 * @return #wbcErr 898 * 899 **/ 900 wbcErr wbcCtxUidToSid(struct wbcContext *ctx, uid_t uid, 901 struct wbcDomainSid *sid); 902 903 /** 904 * @brief Convert a Unix uid to a Windows SID, allocating a SID if needed 905 * 906 * @param uid Unix uid to be resolved 907 * @param *sid Pointer to the resolved domain SID 908 * 909 * @return #wbcErr 910 * 911 **/ 912 wbcErr wbcUidToSid(uid_t uid, 913 struct wbcDomainSid *sid); 914 915 /** 916 * @brief Convert a Unix uid to a Windows SID if there already is a mapping 917 * 918 * @param uid Unix uid to be resolved 919 * @param *sid Pointer to the resolved domain SID 920 * 921 * @return #wbcErr 922 * 923 **/ 924 wbcErr wbcQueryUidToSid(uid_t uid, 925 struct wbcDomainSid *sid); 926 927 /** 928 * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed 929 * 930 * @param *ctx wbclient Context 931 * @param *sid Pointer to the domain SID to be resolved 932 * @param *pgid Pointer to the resolved gid_t value 933 * 934 * @return #wbcErr 935 * 936 **/ 937 wbcErr wbcCtxSidToGid(struct wbcContext *ctx, 938 const struct wbcDomainSid *sid, 939 gid_t *pgid); 940 941 /** 942 * @brief Convert a Windows SID to a Unix gid, allocating a gid if needed 943 * 944 * @param *sid Pointer to the domain SID to be resolved 945 * @param *pgid Pointer to the resolved gid_t value 946 * 947 * @return #wbcErr 948 * 949 **/ 950 wbcErr wbcSidToGid(const struct wbcDomainSid *sid, 951 gid_t *pgid); 952 953 /** 954 * @brief Convert a Windows SID to a Unix gid if there already is a mapping 955 * 956 * @param *sid Pointer to the domain SID to be resolved 957 * @param *pgid Pointer to the resolved gid_t value 958 * 959 * @return #wbcErr 960 * 961 **/ 962 wbcErr wbcQuerySidToGid(const struct wbcDomainSid *sid, 963 gid_t *pgid); 964 965 /** 966 * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed 967 * 968 * @param *ctx wbclient Context 969 * @param gid Unix gid to be resolved 970 * @param *sid Pointer to the resolved domain SID 971 * 972 * @return #wbcErr 973 * 974 **/ 975 wbcErr wbcCtxGidToSid(struct wbcContext *ctx, gid_t gid, 976 struct wbcDomainSid *sid); 977 978 /** 979 * @brief Convert a Unix gid to a Windows SID, allocating a SID if needed 980 * 981 * @param gid Unix gid to be resolved 982 * @param *sid Pointer to the resolved domain SID 983 * 984 * @return #wbcErr 985 * 986 **/ 987 wbcErr wbcGidToSid(gid_t gid, 988 struct wbcDomainSid *sid); 989 990 /** 991 * @brief Convert a Unix gid to a Windows SID if there already is a mapping 992 * 993 * @param gid Unix gid to be resolved 994 * @param *sid Pointer to the resolved domain SID 995 * 996 * @return #wbcErr 997 * 998 **/ 999 wbcErr wbcQueryGidToSid(gid_t gid, 1000 struct wbcDomainSid *sid); 1001 1002 enum wbcIdType { 1003 WBC_ID_TYPE_NOT_SPECIFIED, 1004 WBC_ID_TYPE_UID, 1005 WBC_ID_TYPE_GID, 1006 WBC_ID_TYPE_BOTH 1007 }; 1008 1009 union wbcUnixIdContainer { 1010 uid_t uid; 1011 gid_t gid; 1012 }; 1013 1014 struct wbcUnixId { 1015 enum wbcIdType type; 1016 union wbcUnixIdContainer id; 1017 }; 1018 1019 /** 1020 * @brief Convert a list of sids to unix ids 1021 * 1022 * @param *ctx wbclient Context 1023 * @param sids Pointer to an array of SIDs to convert 1024 * @param num_sids Number of SIDs 1025 * @param ids Preallocated output array for translated IDs 1026 * 1027 * @return #wbcErr 1028 * 1029 **/ 1030 wbcErr wbcCtxSidsToUnixIds(struct wbcContext *ctx, 1031 const struct wbcDomainSid *sids, uint32_t num_sids, 1032 struct wbcUnixId *ids); 1033 1034 /** 1035 * @brief Convert a list of sids to unix ids 1036 * 1037 * @param sids Pointer to an array of SIDs to convert 1038 * @param num_sids Number of SIDs 1039 * @param ids Preallocated output array for translated IDs 1040 * 1041 * @return #wbcErr 1042 * 1043 **/ 1044 wbcErr wbcSidsToUnixIds(const struct wbcDomainSid *sids, uint32_t num_sids, 1045 struct wbcUnixId *ids); 1046 1047 wbcErr wbcCtxUnixIdsToSids(struct wbcContext *ctx, 1048 const struct wbcUnixId *ids, uint32_t num_ids, 1049 struct wbcDomainSid *sids); 1050 wbcErr wbcUnixIdsToSids(const struct wbcUnixId *ids, uint32_t num_ids, 1051 struct wbcDomainSid *sids); 1052 1053 /** 1054 * @brief Obtain a new uid from Winbind 1055 * 1056 * @param *ctx wbclient Context 1057 * @param *puid Pointer to the allocated uid 1058 * 1059 * @return #wbcErr 1060 **/ 1061 wbcErr wbcCtxAllocateUid(struct wbcContext *ctx, uid_t *puid); 1062 1063 /** 1064 * @brief Obtain a new uid from Winbind 1065 * 1066 * @param *puid Pointer to the allocated uid 1067 * 1068 * @return #wbcErr 1069 **/ 1070 wbcErr wbcAllocateUid(uid_t *puid); 1071 1072 /** 1073 * @brief Obtain a new gid from Winbind 1074 * 1075 * @param *ctx wbclient Context 1076 * @param *pgid Pointer to the allocated gid 1077 * 1078 * @return #wbcErr 1079 **/ 1080 wbcErr wbcCtxAllocateGid(struct wbcContext *ctx, gid_t *pgid); 1081 1082 /** 1083 * @brief Obtain a new gid from Winbind 1084 * 1085 * @param *pgid Pointer to the allocated gid 1086 * 1087 * @return #wbcErr 1088 **/ 1089 wbcErr wbcAllocateGid(gid_t *pgid); 1090 1091 /** 1092 * @brief Set an user id mapping 1093 * 1094 * @param uid Uid of the desired mapping. 1095 * @param *sid Pointer to the sid of the desired mapping. 1096 * 1097 * @return #wbcErr 1098 * 1099 * @deprecated This method is not impemented any more and should 1100 * be removed in the next major version change. 1101 **/ 1102 wbcErr wbcSetUidMapping(uid_t uid, const struct wbcDomainSid *sid); 1103 1104 /** 1105 * @brief Set a group id mapping 1106 * 1107 * @param gid Gid of the desired mapping. 1108 * @param *sid Pointer to the sid of the desired mapping. 1109 * 1110 * @return #wbcErr 1111 * 1112 * @deprecated This method is not impemented any more and should 1113 * be removed in the next major version change. 1114 **/ 1115 wbcErr wbcSetGidMapping(gid_t gid, const struct wbcDomainSid *sid); 1116 1117 /** 1118 * @brief Remove a user id mapping 1119 * 1120 * @param uid Uid of the mapping to remove. 1121 * @param *sid Pointer to the sid of the mapping to remove. 1122 * 1123 * @return #wbcErr 1124 * 1125 * @deprecated This method is not impemented any more and should 1126 * be removed in the next major version change. 1127 **/ 1128 wbcErr wbcRemoveUidMapping(uid_t uid, const struct wbcDomainSid *sid); 1129 1130 /** 1131 * @brief Remove a group id mapping 1132 * 1133 * @param gid Gid of the mapping to remove. 1134 * @param *sid Pointer to the sid of the mapping to remove. 1135 * 1136 * @return #wbcErr 1137 * 1138 * @deprecated This method is not impemented any more and should 1139 * be removed in the next major version change. 1140 **/ 1141 wbcErr wbcRemoveGidMapping(gid_t gid, const struct wbcDomainSid *sid); 1142 1143 /** 1144 * @brief Set the highwater mark for allocated uids. 1145 * 1146 * @param uid_hwm The new uid highwater mark value 1147 * 1148 * @return #wbcErr 1149 * 1150 * @deprecated This method is not impemented any more and should 1151 * be removed in the next major version change. 1152 **/ 1153 wbcErr wbcSetUidHwm(uid_t uid_hwm); 1154 1155 /** 1156 * @brief Set the highwater mark for allocated gids. 1157 * 1158 * @param gid_hwm The new gid highwater mark value 1159 * 1160 * @return #wbcErr 1161 * 1162 * @deprecated This method is not impemented any more and should 1163 * be removed in the next major version change. 1164 **/ 1165 wbcErr wbcSetGidHwm(gid_t gid_hwm); 1166 1167 /********************************************************** 1168 * NSS Lookup User/Group details 1169 **********************************************************/ 1170 1171 /** 1172 * @brief Fill in a struct passwd* for a domain user based 1173 * on username 1174 * 1175 * @param *ctx wbclient Context 1176 * @param *name Username to lookup 1177 * @param **pwd Pointer to resulting struct passwd* from the query. 1178 * 1179 * @return #wbcErr 1180 **/ 1181 wbcErr wbcCtxGetpwnam(struct wbcContext *ctx, 1182 const char *name, struct passwd **pwd); 1183 1184 /** 1185 * @brief Fill in a struct passwd* for a domain user based 1186 * on username 1187 * 1188 * @param *name Username to lookup 1189 * @param **pwd Pointer to resulting struct passwd* from the query. 1190 * 1191 * @return #wbcErr 1192 **/ 1193 wbcErr wbcGetpwnam(const char *name, struct passwd **pwd); 1194 1195 /** 1196 * @brief Fill in a struct passwd* for a domain user based 1197 * on uid 1198 * 1199 * @param *ctx wbclient Context 1200 * @param uid Uid to lookup 1201 * @param **pwd Pointer to resulting struct passwd* from the query. 1202 * 1203 * @return #wbcErr 1204 **/ 1205 wbcErr wbcCtxGetpwuid(struct wbcContext *ctx, 1206 uid_t uid, struct passwd **pwd); 1207 1208 /** 1209 * @brief Fill in a struct passwd* for a domain user based 1210 * on uid 1211 * 1212 * @param uid Uid to lookup 1213 * @param **pwd Pointer to resulting struct passwd* from the query. 1214 * 1215 * @return #wbcErr 1216 **/ 1217 wbcErr wbcGetpwuid(uid_t uid, struct passwd **pwd); 1218 1219 /** 1220 * @brief Fill in a struct passwd* for a domain user based 1221 * on sid 1222 * 1223 * @param *ctx wbclient Context 1224 * @param sid Sid to lookup 1225 * @param **pwd Pointer to resulting struct passwd* from the query. 1226 * 1227 * @return #wbcErr 1228 **/ 1229 wbcErr wbcCtxGetpwsid(struct wbcContext *ctx, 1230 struct wbcDomainSid * sid, struct passwd **pwd); 1231 1232 /** 1233 * @brief Fill in a struct passwd* for a domain user based 1234 * on sid 1235 * 1236 * @param sid Sid to lookup 1237 * @param **pwd Pointer to resulting struct passwd* from the query. 1238 * 1239 * @return #wbcErr 1240 **/ 1241 wbcErr wbcGetpwsid(struct wbcDomainSid * sid, struct passwd **pwd); 1242 1243 /** 1244 * @brief Fill in a struct passwd* for a domain user based 1245 * on username 1246 * 1247 * @param *ctx wbclient Context 1248 * @param *name Username to lookup 1249 * @param **grp Pointer to resulting struct group* from the query. 1250 * 1251 * @return #wbcErr 1252 **/ 1253 wbcErr wbcCtxGetgrnam(struct wbcContext *ctx, 1254 const char *name, struct group **grp); 1255 1256 /** 1257 * @brief Fill in a struct passwd* for a domain user based 1258 * on username 1259 * 1260 * @param *name Username to lookup 1261 * @param **grp Pointer to resulting struct group* from the query. 1262 * 1263 * @return #wbcErr 1264 **/ 1265 wbcErr wbcGetgrnam(const char *name, struct group **grp); 1266 1267 /** 1268 * @brief Fill in a struct passwd* for a domain user based 1269 * on uid 1270 * 1271 * @param *ctx wbclient Context 1272 * @param gid Uid to lookup 1273 * @param **grp Pointer to resulting struct group* from the query. 1274 * 1275 * @return #wbcErr 1276 **/ 1277 wbcErr wbcCtxGetgrgid(struct wbcContext *ctx, 1278 gid_t gid, struct group **grp); 1279 1280 /** 1281 * @brief Fill in a struct passwd* for a domain user based 1282 * on uid 1283 * 1284 * @param gid Uid to lookup 1285 * @param **grp Pointer to resulting struct group* from the query. 1286 * 1287 * @return #wbcErr 1288 **/ 1289 wbcErr wbcGetgrgid(gid_t gid, struct group **grp); 1290 1291 /** 1292 * @brief Reset the passwd iterator 1293 * 1294 * @param *ctx wbclient Context 1295 * 1296 * @return #wbcErr 1297 **/ 1298 wbcErr wbcCtxSetpwent(struct wbcContext *ctx); 1299 1300 /** 1301 * @brief Reset the passwd iterator 1302 * 1303 * @return #wbcErr 1304 **/ 1305 wbcErr wbcSetpwent(void); 1306 1307 /** 1308 * @brief Close the passwd iterator 1309 * 1310 * @param *ctx wbclient Context 1311 * 1312 * @return #wbcErr 1313 **/ 1314 wbcErr wbcCtxEndpwent(struct wbcContext *ctx); 1315 1316 /** 1317 * @brief Close the passwd iterator 1318 * 1319 * @return #wbcErr 1320 **/ 1321 wbcErr wbcEndpwent(void); 1322 1323 /** 1324 * @brief Return the next struct passwd* entry from the pwent iterator 1325 * 1326 * @param *ctx wbclient Context 1327 * @param **pwd Pointer to resulting struct passwd* from the query. 1328 * 1329 * @return #wbcErr 1330 **/ 1331 wbcErr wbcCtxGetpwent(struct wbcContext *ctx, struct passwd **pwd); 1332 1333 /** 1334 * @brief Return the next struct passwd* entry from the pwent iterator 1335 * 1336 * @param **pwd Pointer to resulting struct passwd* from the query. 1337 * 1338 * @return #wbcErr 1339 **/ 1340 wbcErr wbcGetpwent(struct passwd **pwd); 1341 1342 /** 1343 * @brief Reset the group iterator 1344 * 1345 * @param *ctx wbclient Context 1346 * 1347 * @return #wbcErr 1348 **/ 1349 wbcErr wbcCtxSetgrent(struct wbcContext *ctx); 1350 1351 /** 1352 * @brief Reset the group iterator 1353 * 1354 * @return #wbcErr 1355 **/ 1356 wbcErr wbcSetgrent(void); 1357 1358 /** 1359 * @brief Close the group iterator 1360 * 1361 * @param *ctx wbclient Context 1362 * 1363 * @return #wbcErr 1364 **/ 1365 wbcErr wbcCtxEndgrent(struct wbcContext *ctx); 1366 1367 /** 1368 * @brief Close the group iterator 1369 * 1370 * @return #wbcErr 1371 **/ 1372 wbcErr wbcEndgrent(void); 1373 1374 /** 1375 * @brief Return the next struct group* entry from the pwent iterator 1376 * 1377 * @param *ctx wbclient Context 1378 * @param **grp Pointer to resulting struct group* from the query. 1379 * 1380 * @return #wbcErr 1381 **/ 1382 wbcErr wbcCtxGetgrent(struct wbcContext *ctx, struct group **grp); 1383 1384 /** 1385 * @brief Return the next struct group* entry from the pwent iterator 1386 * 1387 * @param **grp Pointer to resulting struct group* from the query. 1388 * 1389 * @return #wbcErr 1390 **/ 1391 wbcErr wbcGetgrent(struct group **grp); 1392 1393 /** 1394 * @brief Return the next struct group* entry from the pwent iterator 1395 * 1396 * This is similar to #wbcGetgrent, just that the member list is empty 1397 * 1398 * @param *ctx wbclient Context 1399 * @param **grp Pointer to resulting struct group* from the query. 1400 * 1401 * @return #wbcErr 1402 **/ 1403 wbcErr wbcCtxGetgrlist(struct wbcContext *ctx, struct group **grp); 1404 1405 /** 1406 * @brief Return the next struct group* entry from the pwent iterator 1407 * 1408 * This is similar to #wbcGetgrent, just that the member list is empty 1409 * 1410 * @param **grp Pointer to resulting struct group* from the query. 1411 * 1412 * @return #wbcErr 1413 **/ 1414 wbcErr wbcGetgrlist(struct group **grp); 1415 1416 /** 1417 * @brief Return the unix group array belonging to the given user 1418 * 1419 * @param *ctx wbclient Context 1420 * @param *account The given user name 1421 * @param *num_groups Number of elements returned in the groups array 1422 * @param **_groups Pointer to resulting gid_t array. 1423 * 1424 * @return #wbcErr 1425 **/ 1426 wbcErr wbcCtxGetGroups(struct wbcContext *ctx, 1427 const char *account, 1428 uint32_t *num_groups, 1429 gid_t **_groups); 1430 1431 /** 1432 * @brief Return the unix group array belonging to the given user 1433 * 1434 * @param *account The given user name 1435 * @param *num_groups Number of elements returned in the groups array 1436 * @param **_groups Pointer to resulting gid_t array. 1437 * 1438 * @return #wbcErr 1439 **/ 1440 wbcErr wbcGetGroups(const char *account, 1441 uint32_t *num_groups, 1442 gid_t **_groups); 1443 1444 1445 /********************************************************** 1446 * Lookup Domain information 1447 **********************************************************/ 1448 1449 /** 1450 * @brief Lookup the current status of a trusted domain 1451 * 1452 * @param *ctx wbclient Context 1453 * @param domain The domain to query 1454 * 1455 * @param dinfo A pointer to store the returned domain_info struct. 1456 * 1457 * @return #wbcErr 1458 **/ 1459 wbcErr wbcCtxDomainInfo(struct wbcContext *ctx, 1460 const char *domain, 1461 struct wbcDomainInfo **dinfo); 1462 1463 /** 1464 * @brief Lookup the current status of a trusted domain 1465 * 1466 * @param domain The domain to query 1467 * 1468 * @param dinfo A pointer to store the returned domain_info struct. 1469 * 1470 * @return #wbcErr 1471 **/ 1472 wbcErr wbcDomainInfo(const char *domain, 1473 struct wbcDomainInfo **dinfo); 1474 1475 /** 1476 * @brief Lookup the currently contacted DCs 1477 * 1478 * @param *ctx wbclient Context 1479 * @param domain The domain to query 1480 * 1481 * @param num_dcs Number of DCs currently known 1482 * @param dc_names Names of the currently known DCs 1483 * @param dc_ips IP addresses of the currently known DCs 1484 * 1485 * @return #wbcErr 1486 **/ 1487 wbcErr wbcCtxDcInfo(struct wbcContext *ctx, 1488 const char *domain, size_t *num_dcs, 1489 const char ***dc_names, const char ***dc_ips); 1490 1491 /** 1492 * @brief Lookup the currently contacted DCs 1493 * 1494 * @param domain The domain to query 1495 * 1496 * @param num_dcs Number of DCs currently known 1497 * @param dc_names Names of the currently known DCs 1498 * @param dc_ips IP addresses of the currently known DCs 1499 * 1500 * @return #wbcErr 1501 **/ 1502 wbcErr wbcDcInfo(const char *domain, size_t *num_dcs, 1503 const char ***dc_names, const char ***dc_ips); 1504 1505 /** 1506 * @brief Enumerate the domain trusts known by Winbind 1507 * 1508 * @param *ctx wbclient Context 1509 * @param **domains Pointer to the allocated domain list array 1510 * @param *num_domains Pointer to number of domains returned 1511 * 1512 * @return #wbcErr 1513 **/ 1514 wbcErr wbcCtxListTrusts(struct wbcContext *ctx, 1515 struct wbcDomainInfo **domains, 1516 size_t *num_domains); 1517 1518 /** 1519 * @brief Enumerate the domain trusts known by Winbind 1520 * 1521 * @param **domains Pointer to the allocated domain list array 1522 * @param *num_domains Pointer to number of domains returned 1523 * 1524 * @return #wbcErr 1525 **/ 1526 wbcErr wbcListTrusts(struct wbcDomainInfo **domains, 1527 size_t *num_domains); 1528 1529 /* Flags for wbcLookupDomainController */ 1530 1531 #define WBC_LOOKUP_DC_FORCE_REDISCOVERY 0x00000001 1532 #define WBC_LOOKUP_DC_DS_REQUIRED 0x00000010 1533 #define WBC_LOOKUP_DC_DS_PREFERRED 0x00000020 1534 #define WBC_LOOKUP_DC_GC_SERVER_REQUIRED 0x00000040 1535 #define WBC_LOOKUP_DC_PDC_REQUIRED 0x00000080 1536 #define WBC_LOOKUP_DC_BACKGROUND_ONLY 0x00000100 1537 #define WBC_LOOKUP_DC_IP_REQUIRED 0x00000200 1538 #define WBC_LOOKUP_DC_KDC_REQUIRED 0x00000400 1539 #define WBC_LOOKUP_DC_TIMESERV_REQUIRED 0x00000800 1540 #define WBC_LOOKUP_DC_WRITABLE_REQUIRED 0x00001000 1541 #define WBC_LOOKUP_DC_GOOD_TIMESERV_PREFERRED 0x00002000 1542 #define WBC_LOOKUP_DC_AVOID_SELF 0x00004000 1543 #define WBC_LOOKUP_DC_ONLY_LDAP_NEEDED 0x00008000 1544 #define WBC_LOOKUP_DC_IS_FLAT_NAME 0x00010000 1545 #define WBC_LOOKUP_DC_IS_DNS_NAME 0x00020000 1546 #define WBC_LOOKUP_DC_TRY_NEXTCLOSEST_SITE 0x00040000 1547 #define WBC_LOOKUP_DC_DS_6_REQUIRED 0x00080000 1548 #define WBC_LOOKUP_DC_RETURN_DNS_NAME 0x40000000 1549 #define WBC_LOOKUP_DC_RETURN_FLAT_NAME 0x80000000 1550 1551 /** 1552 * @brief Enumerate the domain trusts known by Winbind 1553 * 1554 * @param *ctx wbclient Context 1555 * @param domain Name of the domain to query for a DC 1556 * @param flags Bit flags used to control the domain location query 1557 * @param *dc_info Pointer to the returned domain controller information 1558 * 1559 * @return #wbcErr 1560 **/ 1561 wbcErr wbcCtxLookupDomainController(struct wbcContext *ctx, 1562 const char *domain, 1563 uint32_t flags, 1564 struct wbcDomainControllerInfo **dc_info); 1565 1566 /** 1567 * @brief Enumerate the domain trusts known by Winbind 1568 * 1569 * @param domain Name of the domain to query for a DC 1570 * @param flags Bit flags used to control the domain location query 1571 * @param *dc_info Pointer to the returned domain controller information 1572 * 1573 * @return #wbcErr 1574 **/ 1575 wbcErr wbcLookupDomainController(const char *domain, 1576 uint32_t flags, 1577 struct wbcDomainControllerInfo **dc_info); 1578 1579 /** 1580 * @brief Get extended domain controller information 1581 * 1582 * @param *ctx wbclient Context 1583 * @param domain Name of the domain to query for a DC 1584 * @param guid Guid of the domain to query for a DC 1585 * @param site Site of the domain to query for a DC 1586 * @param flags Bit flags used to control the domain location query 1587 * @param *dc_info Pointer to the returned extended domain controller information 1588 * 1589 * @return #wbcErr 1590 **/ 1591 wbcErr wbcCtxLookupDomainControllerEx(struct wbcContext *ctx, 1592 const char *domain, 1593 struct wbcGuid *guid, 1594 const char *site, 1595 uint32_t flags, 1596 struct wbcDomainControllerInfoEx **dc_info); 1597 1598 /** 1599 * @brief Get extended domain controller information 1600 * 1601 * @param domain Name of the domain to query for a DC 1602 * @param guid Guid of the domain to query for a DC 1603 * @param site Site of the domain to query for a DC 1604 * @param flags Bit flags used to control the domain location query 1605 * @param *dc_info Pointer to the returned extended domain controller information 1606 * 1607 * @return #wbcErr 1608 **/ 1609 wbcErr wbcLookupDomainControllerEx(const char *domain, 1610 struct wbcGuid *guid, 1611 const char *site, 1612 uint32_t flags, 1613 struct wbcDomainControllerInfoEx **dc_info); 1614 1615 /********************************************************** 1616 * Athenticate functions 1617 **********************************************************/ 1618 1619 /** 1620 * @brief Authenticate a username/password pair 1621 * 1622 * @param *ctx wbclient Context 1623 * @param username Name of user to authenticate 1624 * @param password Clear text password os user 1625 * 1626 * @return #wbcErr 1627 **/ 1628 wbcErr wbcCtxAuthenticateUser(struct wbcContext *ctx, 1629 const char *username, 1630 const char *password); 1631 1632 /** 1633 * @brief Authenticate a username/password pair 1634 * 1635 * @param username Name of user to authenticate 1636 * @param password Clear text password os user 1637 * 1638 * @return #wbcErr 1639 **/ 1640 wbcErr wbcAuthenticateUser(const char *username, 1641 const char *password); 1642 1643 /** 1644 * @brief Authenticate with more detailed information 1645 * 1646 * @param *ctx wbclient Context 1647 * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH 1648 * is not supported yet 1649 * @param info Output details on WBC_ERR_SUCCESS 1650 * @param error Output details on WBC_ERR_AUTH_ERROR 1651 * 1652 * @return #wbcErr 1653 **/ 1654 wbcErr wbcCtxAuthenticateUserEx(struct wbcContext *ctx, 1655 const struct wbcAuthUserParams *params, 1656 struct wbcAuthUserInfo **info, 1657 struct wbcAuthErrorInfo **error); 1658 1659 /** 1660 * @brief Authenticate with more detailed information 1661 * 1662 * @param params Input parameters, WBC_AUTH_USER_LEVEL_HASH 1663 * is not supported yet 1664 * @param info Output details on WBC_ERR_SUCCESS 1665 * @param error Output details on WBC_ERR_AUTH_ERROR 1666 * 1667 * @return #wbcErr 1668 **/ 1669 wbcErr wbcAuthenticateUserEx(const struct wbcAuthUserParams *params, 1670 struct wbcAuthUserInfo **info, 1671 struct wbcAuthErrorInfo **error); 1672 1673 /** 1674 * @brief Logon a User 1675 * 1676 * @param[in] *ctx wbclient Context 1677 * @param[in] params Pointer to a wbcLogonUserParams structure 1678 * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure 1679 * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure 1680 * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure 1681 * 1682 * @return #wbcErr 1683 **/ 1684 wbcErr wbcCtxLogonUser(struct wbcContext *ctx, 1685 const struct wbcLogonUserParams *params, 1686 struct wbcLogonUserInfo **info, 1687 struct wbcAuthErrorInfo **error, 1688 struct wbcUserPasswordPolicyInfo **policy); 1689 1690 /** 1691 * @brief Logon a User 1692 * 1693 * @param[in] params Pointer to a wbcLogonUserParams structure 1694 * @param[out] info Pointer to a pointer to a wbcLogonUserInfo structure 1695 * @param[out] error Pointer to a pointer to a wbcAuthErrorInfo structure 1696 * @param[out] policy Pointer to a pointer to a wbcUserPasswordPolicyInfo structure 1697 * 1698 * @return #wbcErr 1699 **/ 1700 wbcErr wbcLogonUser(const struct wbcLogonUserParams *params, 1701 struct wbcLogonUserInfo **info, 1702 struct wbcAuthErrorInfo **error, 1703 struct wbcUserPasswordPolicyInfo **policy); 1704 1705 /** 1706 * @brief Trigger a logoff notification to Winbind for a specific user 1707 * 1708 * @param *ctx wbclient Context 1709 * @param username Name of user to remove from Winbind's list of 1710 * logged on users. 1711 * @param uid Uid assigned to the username 1712 * @param ccfilename Absolute path to the Krb5 credentials cache to 1713 * be removed 1714 * 1715 * @return #wbcErr 1716 **/ 1717 wbcErr wbcCtxLogoffUser(struct wbcContext *ctx, 1718 const char *username, uid_t uid, 1719 const char *ccfilename); 1720 1721 /** 1722 * @brief Trigger a logoff notification to Winbind for a specific user 1723 * 1724 * @param username Name of user to remove from Winbind's list of 1725 * logged on users. 1726 * @param uid Uid assigned to the username 1727 * @param ccfilename Absolute path to the Krb5 credentials cache to 1728 * be removed 1729 * 1730 * @return #wbcErr 1731 **/ 1732 wbcErr wbcLogoffUser(const char *username, 1733 uid_t uid, 1734 const char *ccfilename); 1735 1736 /** 1737 * @brief Trigger an extended logoff notification to Winbind for a specific user 1738 * 1739 * @param *ctx wbclient Context 1740 * @param params A wbcLogoffUserParams structure 1741 * @param error User output details on error 1742 * 1743 * @return #wbcErr 1744 **/ 1745 wbcErr wbcCtxLogoffUserEx(struct wbcContext *ctx, 1746 const struct wbcLogoffUserParams *params, 1747 struct wbcAuthErrorInfo **error); 1748 1749 /** 1750 * @brief Trigger an extended logoff notification to Winbind for a specific user 1751 * 1752 * @param params A wbcLogoffUserParams structure 1753 * @param error User output details on error 1754 * 1755 * @return #wbcErr 1756 **/ 1757 wbcErr wbcLogoffUserEx(const struct wbcLogoffUserParams *params, 1758 struct wbcAuthErrorInfo **error); 1759 1760 /** 1761 * @brief Change a password for a user 1762 * 1763 * @param *ctx wbclient Context 1764 * @param username Name of user to authenticate 1765 * @param old_password Old clear text password of user 1766 * @param new_password New clear text password of user 1767 * 1768 * @return #wbcErr 1769 **/ 1770 wbcErr wbcCtxChangeUserPassword(struct wbcContext *ctx, 1771 const char *username, 1772 const char *old_password, 1773 const char *new_password); 1774 1775 /** 1776 * @brief Change a password for a user 1777 * 1778 * @param username Name of user to authenticate 1779 * @param old_password Old clear text password of user 1780 * @param new_password New clear text password of user 1781 * 1782 * @return #wbcErr 1783 **/ 1784 wbcErr wbcChangeUserPassword(const char *username, 1785 const char *old_password, 1786 const char *new_password); 1787 1788 /** 1789 * @brief Change a password for a user with more detailed information upon 1790 * failure 1791 * 1792 * @param *ctx wbclient Context 1793 * @param params Input parameters 1794 * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED 1795 * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED 1796 * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED 1797 * 1798 * @return #wbcErr 1799 **/ 1800 wbcErr wbcCtxChangeUserPasswordEx(struct wbcContext *ctx, 1801 const struct wbcChangePasswordParams *params, 1802 struct wbcAuthErrorInfo **error, 1803 enum wbcPasswordChangeRejectReason *reject_reason, 1804 struct wbcUserPasswordPolicyInfo **policy); 1805 1806 /** 1807 * @brief Change a password for a user with more detailed information upon 1808 * failure 1809 * 1810 * @param params Input parameters 1811 * @param error User output details on WBC_ERR_PWD_CHANGE_FAILED 1812 * @param reject_reason New password reject reason on WBC_ERR_PWD_CHANGE_FAILED 1813 * @param policy Password policy output details on WBC_ERR_PWD_CHANGE_FAILED 1814 * 1815 * @return #wbcErr 1816 **/ 1817 wbcErr wbcChangeUserPasswordEx(const struct wbcChangePasswordParams *params, 1818 struct wbcAuthErrorInfo **error, 1819 enum wbcPasswordChangeRejectReason *reject_reason, 1820 struct wbcUserPasswordPolicyInfo **policy); 1821 1822 /** 1823 * @brief Authenticate a user with cached credentials 1824 * 1825 * @param *ctx wbclient Context 1826 * @param *params Pointer to a wbcCredentialCacheParams structure 1827 * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure 1828 * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure 1829 * 1830 * @return #wbcErr 1831 **/ 1832 wbcErr wbcCtxCredentialCache(struct wbcContext *ctx, 1833 struct wbcCredentialCacheParams *params, 1834 struct wbcCredentialCacheInfo **info, 1835 struct wbcAuthErrorInfo **error); 1836 1837 /** 1838 * @brief Authenticate a user with cached credentials 1839 * 1840 * @param *params Pointer to a wbcCredentialCacheParams structure 1841 * @param **info Pointer to a pointer to a wbcCredentialCacheInfo structure 1842 * @param **error Pointer to a pointer to a wbcAuthErrorInfo structure 1843 * 1844 * @return #wbcErr 1845 **/ 1846 wbcErr wbcCredentialCache(struct wbcCredentialCacheParams *params, 1847 struct wbcCredentialCacheInfo **info, 1848 struct wbcAuthErrorInfo **error); 1849 1850 /** 1851 * @brief Save a password with winbind for doing wbcCredentialCache() later 1852 * 1853 * @param *ctx wbclient Context 1854 * @param *user Username 1855 * @param *password Password 1856 * 1857 * @return #wbcErr 1858 **/ 1859 wbcErr wbcCtxCredentialSave(struct wbcContext *ctx, 1860 const char *user, const char *password); 1861 1862 /** 1863 * @brief Save a password with winbind for doing wbcCredentialCache() later 1864 * 1865 * @param *user Username 1866 * @param *password Password 1867 * 1868 * @return #wbcErr 1869 **/ 1870 wbcErr wbcCredentialSave(const char *user, const char *password); 1871 1872 /********************************************************** 1873 * Resolve functions 1874 **********************************************************/ 1875 1876 /** 1877 * @brief Resolve a NetbiosName via WINS 1878 * 1879 * @param *ctx wbclient Context 1880 * @param name Name to resolve 1881 * @param *ip Pointer to the ip address string 1882 * 1883 * @return #wbcErr 1884 **/ 1885 wbcErr wbcCtxResolveWinsByName(struct wbcContext *ctx, 1886 const char *name, char **ip); 1887 1888 /** 1889 * @brief Resolve a NetbiosName via WINS 1890 * 1891 * @param name Name to resolve 1892 * @param *ip Pointer to the ip address string 1893 * 1894 * @return #wbcErr 1895 **/ 1896 wbcErr wbcResolveWinsByName(const char *name, char **ip); 1897 1898 /** 1899 * @brief Resolve an IP address via WINS into a NetbiosName 1900 * 1901 * @param *ctx wbclient Context 1902 * @param ip The ip address string 1903 * @param *name Pointer to the name 1904 * 1905 * @return #wbcErr 1906 * 1907 **/ 1908 wbcErr wbcCtxResolveWinsByIP(struct wbcContext *ctx, 1909 const char *ip, char **name); 1910 1911 /** 1912 * @brief Resolve an IP address via WINS into a NetbiosName 1913 * 1914 * @param ip The ip address string 1915 * @param *name Pointer to the name 1916 * 1917 * @return #wbcErr 1918 * 1919 **/ 1920 wbcErr wbcResolveWinsByIP(const char *ip, char **name); 1921 1922 /********************************************************** 1923 * Trusted domain functions 1924 **********************************************************/ 1925 1926 /** 1927 * @brief Trigger a verification of the trust credentials of a specific domain 1928 * 1929 * @param *ctx wbclient Context 1930 * @param *domain The name of the domain. 1931 * @param error Output details on WBC_ERR_AUTH_ERROR 1932 * 1933 * @return #wbcErr 1934 **/ 1935 wbcErr wbcCtxCheckTrustCredentials(struct wbcContext *ctx, const char *domain, 1936 struct wbcAuthErrorInfo **error); 1937 1938 /** 1939 * @brief Trigger a verification of the trust credentials of a specific domain 1940 * 1941 * @param *domain The name of the domain. 1942 * @param error Output details on WBC_ERR_AUTH_ERROR 1943 * 1944 * @return #wbcErr 1945 **/ 1946 wbcErr wbcCheckTrustCredentials(const char *domain, 1947 struct wbcAuthErrorInfo **error); 1948 1949 /** 1950 * @brief Trigger a change of the trust credentials for a specific domain 1951 * 1952 * @param *ctx wbclient Context 1953 * @param *domain The name of the domain. 1954 * @param error Output details on WBC_ERR_AUTH_ERROR 1955 * 1956 * @return #wbcErr 1957 **/ 1958 wbcErr wbcCtxChangeTrustCredentials(struct wbcContext *ctx, const char *domain, 1959 struct wbcAuthErrorInfo **error); 1960 1961 /** 1962 * @brief Trigger a change of the trust credentials for a specific domain 1963 * 1964 * @param *domain The name of the domain. 1965 * @param error Output details on WBC_ERR_AUTH_ERROR 1966 * 1967 * @return #wbcErr 1968 **/ 1969 wbcErr wbcChangeTrustCredentials(const char *domain, 1970 struct wbcAuthErrorInfo **error); 1971 1972 /** 1973 * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost 1974 * version of wbcCheckTrustCredentials 1975 * 1976 * @param *ctx wbclient Context 1977 * @param *domain The name of the domain, only NULL for the default domain is 1978 * supported yet. Other values than NULL will result in 1979 * WBC_ERR_NOT_IMPLEMENTED. 1980 * @param error Output details on WBC_ERR_AUTH_ERROR 1981 * 1982 * @return #wbcErr 1983 **/ 1984 wbcErr wbcCtxPingDc(struct wbcContext *ctx, const char *domain, 1985 struct wbcAuthErrorInfo **error); 1986 1987 /** 1988 * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost 1989 * version of wbcCheckTrustCredentials 1990 * 1991 * @param *domain The name of the domain, only NULL for the default domain is 1992 * supported yet. Other values than NULL will result in 1993 * WBC_ERR_NOT_IMPLEMENTED. 1994 * @param error Output details on WBC_ERR_AUTH_ERROR 1995 * 1996 * @return #wbcErr 1997 **/ 1998 wbcErr wbcPingDc(const char *domain, struct wbcAuthErrorInfo **error); 1999 2000 /** 2001 * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost 2002 * version of wbcCheckTrustCredentials 2003 * 2004 * @param *ctx wbclient Context 2005 * @param *domain The name of the domain, only NULL for the default domain is 2006 * supported yet. Other values than NULL will result in 2007 * WBC_ERR_NOT_IMPLEMENTED. 2008 * @param error Output details on WBC_ERR_AUTH_ERROR 2009 * @param dcname DC that was attempted to ping 2010 * 2011 * @return #wbcErr 2012 **/ 2013 wbcErr wbcCtxPingDc2(struct wbcContext *ctx, const char *domain, 2014 struct wbcAuthErrorInfo **error, 2015 char **dcname); 2016 2017 /** 2018 * @brief Trigger a no-op call through the NETLOGON pipe. Low-cost 2019 * version of wbcCheckTrustCredentials 2020 * 2021 * @param *domain The name of the domain, only NULL for the default domain is 2022 * supported yet. Other values than NULL will result in 2023 * WBC_ERR_NOT_IMPLEMENTED. 2024 * @param error Output details on WBC_ERR_AUTH_ERROR 2025 * @param dcname DC that was attempted to ping 2026 * 2027 * @return #wbcErr 2028 **/ 2029 wbcErr wbcPingDc2(const char *domain, struct wbcAuthErrorInfo **error, 2030 char **dcname); 2031 2032 /********************************************************** 2033 * Helper functions 2034 **********************************************************/ 2035 2036 /** 2037 * @brief Initialize a named blob and add to list of blobs 2038 * 2039 * @param[in,out] num_blobs Pointer to the number of blobs 2040 * @param[in,out] blobs Pointer to an array of blobs 2041 * @param[in] name Name of the new named blob 2042 * @param[in] flags Flags of the new named blob 2043 * @param[in] data Blob data of new blob 2044 * @param[in] length Blob data length of new blob 2045 * 2046 * @return #wbcErr 2047 **/ 2048 wbcErr wbcAddNamedBlob(size_t *num_blobs, 2049 struct wbcNamedBlob **blobs, 2050 const char *name, 2051 uint32_t flags, 2052 uint8_t *data, 2053 size_t length); 2054 2055 /** 2056 * @brief Set the name of the process which call wbclient. 2057 * 2058 * By default wbclient will figure out the process name. This should just be 2059 * used in special cases like pam modules or similar. Only alpha numeric 2060 * chars in ASCII are allowed. 2061 * 2062 * This function should only be called once! 2063 * 2064 * @param[in] name The process name to set. 2065 */ 2066 void wbcSetClientProcessName(const char *name); 2067 2068 #endif /* _WBCLIENT_H */ 2069