Samba: nsswitch/winbindd.h ソースファイル

00001 /* 
00002    Unix SMB/CIFS implementation.
00003 
00004    Winbind daemon for ntdom nss module
00005 
00006    Copyright (C) Tim Potter 2000
00007    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
00008    
00009    This library is free software; you can redistribute it and/or
00010    modify it under the terms of the GNU Library General Public
00011    License as published by the Free Software Foundation; either
00012    version 2 of the License, or (at your option) any later version.
00013    
00014    This library is distributed in the hope that it will be useful,
00015    but WITHOUT ANY WARRANTY; without even the implied warranty of
00016    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
00017    Library General Public License for more details.
00018    
00019    You should have received a copy of the GNU Library General Public
00020    License along with this library; if not, write to the
00021    Free Software Foundation, Inc., 59 Temple Place - Suite 330,
00022    Boston, MA  02111-1307, USA.   
00023 */
00024 
00025 #ifndef _WINBINDD_H
00026 #define _WINBINDD_H
00027 
00028 #include "nterr.h"
00029 
00030 #include "winbindd_nss.h"
00031 
00032 #ifdef HAVE_LIBNSCD
00033 #include "libnscd.h"
00034 #endif
00035 
00036 #ifdef HAVE_SYS_MMAN_H
00037 #include <sys/mman.h>
00038 #endif
00039 
00040 #undef DBGC_CLASS
00041 #define DBGC_CLASS DBGC_WINBIND
00042 
00043 #define WB_REPLACE_CHAR         '_'
00044 
00045 /* bits for fd_event.flags */
00046 #define EVENT_FD_READ 1
00047 #define EVENT_FD_WRITE 2
00048 
00049 struct fd_event {
00050         struct fd_event *next, *prev;
00051         int fd;
00052         int flags; /* see EVENT_FD_* flags */
00053         void (*handler)(struct fd_event *fde, int flags);
00054         void *data;
00055         size_t length, done;
00056         void (*finished)(void *private_data, BOOL success);
00057         void *private_data;
00058 };
00059 
00060 struct sid_ctr {
00061         DOM_SID *sid;
00062         BOOL finished;
00063         const char *domain;
00064         const char *name;
00065         enum lsa_SidType type;
00066 };
00067 
00068 struct winbindd_cli_state {
00069         struct winbindd_cli_state *prev, *next;   /* Linked list pointers */
00070         int sock;                                 /* Open socket from client */
00071         struct fd_event fd_event;
00072         pid_t pid;                                /* pid of client */
00073         BOOL finished;                            /* Can delete from list */
00074         BOOL write_extra_data;                    /* Write extra_data field */
00075         time_t last_access;                       /* Time of last access (read or write) */
00076         BOOL privileged;                           /* Is the client 'privileged' */
00077 
00078         TALLOC_CTX *mem_ctx;                      /* memory per request */
00079         struct winbindd_request request;          /* Request from client */
00080         struct winbindd_response response;        /* Respose to client */
00081         BOOL getpwent_initialized;                /* Has getpwent_state been
00082                                                    * initialized? */
00083         BOOL getgrent_initialized;                /* Has getgrent_state been
00084                                                    * initialized? */
00085         struct getent_state *getpwent_state;      /* State for getpwent() */
00086         struct getent_state *getgrent_state;      /* State for getgrent() */
00087 };
00088 
00089 /* State between get{pw,gr}ent() calls */
00090 
00091 struct getent_state {
00092         struct getent_state *prev, *next;
00093         void *sam_entries;
00094         uint32 sam_entry_index, num_sam_entries;
00095         BOOL got_sam_entries;
00096         fstring domain_name;
00097 };
00098 
00099 /* Storage for cached getpwent() user entries */
00100 
00101 struct getpwent_user {
00102         fstring name;                        /* Account name */
00103         fstring gecos;                       /* User information */
00104         fstring homedir;                     /* User Home Directory */
00105         fstring shell;                       /* User Login Shell */
00106         DOM_SID user_sid;                    /* NT user and primary group SIDs */
00107         DOM_SID group_sid;
00108 };
00109 
00110 /* Server state structure */
00111 
00112 typedef struct {
00113         char *acct_name;
00114         char *full_name;
00115         char *homedir;
00116         char *shell;
00117         gid_t primary_gid;                   /* allow the nss_info
00118                                                 backend to set the primary group */
00119         DOM_SID user_sid;                    /* NT user and primary group SIDs */
00120         DOM_SID group_sid;
00121 } WINBIND_USERINFO;
00122 
00123 /* Our connection to the DC */
00124 
00125 struct winbindd_cm_conn {
00126         struct cli_state *cli;
00127 
00128         struct rpc_pipe_client *samr_pipe;
00129         POLICY_HND sam_connect_handle, sam_domain_handle;
00130 
00131         struct rpc_pipe_client *lsa_pipe;
00132         POLICY_HND lsa_policy;
00133 
00134         struct rpc_pipe_client *netlogon_pipe;
00135 };
00136 
00137 struct winbindd_async_request;
00138 
00139 /* Async child */
00140 
00141 struct winbindd_child {
00142         struct winbindd_child *next, *prev;
00143 
00144         pid_t pid;
00145         struct winbindd_domain *domain;
00146         pstring logfilename;
00147 
00148         struct fd_event event;
00149         struct timed_event *lockout_policy_event;
00150         struct winbindd_async_request *requests;
00151 };
00152 
00153 /* Structures to hold per domain information */
00154 
00155 struct winbindd_domain {
00156         fstring name;                          /* Domain name */        
00157         fstring alt_name;                      /* alt Domain name (if any) */
00158         fstring forest_name;                   /* Name of the AD forest we're in */
00159         DOM_SID sid;                           /* SID for this domain */
00160         BOOL initialized;                      /* Did we already ask for the domain mode? */
00161         BOOL native_mode;                      /* is this a win2k domain in native mode ? */
00162         BOOL active_directory;                 /* is this a win2k active directory ? */
00163         BOOL primary;                          /* is this our primary domain ? */
00164         BOOL internal;                         /* BUILTIN and member SAM */
00165         BOOL online;                           /* is this domain available ? */
00166         time_t startup_time;                   /* When we set "startup" true. */
00167         BOOL startup;                          /* are we in the first 30 seconds after startup_time ? */
00168 
00169         /* Lookup methods for this domain (LDAP or RPC) */
00170         struct winbindd_methods *methods;
00171 
00172         /* the backend methods are used by the cache layer to find the right
00173            backend */
00174         struct winbindd_methods *backend;
00175 
00176         /* Private data for the backends (used for connection cache) */
00177 
00178         void *private_data; 
00179 
00180         /* A working DC */
00181         fstring dcname;
00182         struct sockaddr_in dcaddr;
00183 
00184         /* Sequence number stuff */
00185 
00186         time_t last_seq_check;
00187         uint32 sequence_number;
00188         NTSTATUS last_status;
00189 
00190         /* The smb connection */
00191 
00192         struct winbindd_cm_conn conn;
00193 
00194         /* The child pid we're talking to */
00195 
00196         struct winbindd_child child;
00197 
00198         /* Callback we use to try put us back online. */
00199 
00200         uint32 check_online_timeout;
00201         struct timed_event *check_online_event;
00202 
00203         /* Linked list info */
00204 
00205         struct winbindd_domain *prev, *next;
00206 };
00207 
00208 /* per-domain methods. This is how LDAP vs RPC is selected
00209  */
00210 struct winbindd_methods {
00211         /* does this backend provide a consistent view of the data? (ie. is the primary group
00212            always correct) */
00213         BOOL consistent;
00214 
00215         /* get a list of users, returning a WINBIND_USERINFO for each one */
00216         NTSTATUS (*query_user_list)(struct winbindd_domain *domain,
00217                                    TALLOC_CTX *mem_ctx,
00218                                    uint32 *num_entries, 
00219                                    WINBIND_USERINFO **info);
00220 
00221         /* get a list of domain groups */
00222         NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain,
00223                                     TALLOC_CTX *mem_ctx,
00224                                     uint32 *num_entries, 
00225                                     struct acct_info **info);
00226 
00227         /* get a list of domain local groups */
00228         NTSTATUS (*enum_local_groups)(struct winbindd_domain *domain,
00229                                     TALLOC_CTX *mem_ctx,
00230                                     uint32 *num_entries, 
00231                                     struct acct_info **info);
00232                                     
00233         /* convert one user or group name to a sid */
00234         NTSTATUS (*name_to_sid)(struct winbindd_domain *domain,
00235                                 TALLOC_CTX *mem_ctx,
00236                                 const char *domain_name,
00237                                 const char *name,
00238                                 DOM_SID *sid,
00239                                 enum lsa_SidType *type);
00240 
00241         /* convert a sid to a user or group name */
00242         NTSTATUS (*sid_to_name)(struct winbindd_domain *domain,
00243                                 TALLOC_CTX *mem_ctx,
00244                                 const DOM_SID *sid,
00245                                 char **domain_name,
00246                                 char **name,
00247                                 enum lsa_SidType *type);
00248 
00249         NTSTATUS (*rids_to_names)(struct winbindd_domain *domain,
00250                                   TALLOC_CTX *mem_ctx,
00251                                   const DOM_SID *domain_sid,
00252                                   uint32 *rids,
00253                                   size_t num_rids,
00254                                   char **domain_name,
00255                                   char ***names,
00256                                   enum lsa_SidType **types);
00257 
00258         /* lookup user info for a given SID */
00259         NTSTATUS (*query_user)(struct winbindd_domain *domain, 
00260                                TALLOC_CTX *mem_ctx, 
00261                                const DOM_SID *user_sid,
00262                                WINBIND_USERINFO *user_info);
00263 
00264         /* lookup all groups that a user is a member of. The backend
00265            can also choose to lookup by username or rid for this
00266            function */
00267         NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
00268                                       TALLOC_CTX *mem_ctx,
00269                                       const DOM_SID *user_sid,
00270                                       uint32 *num_groups, DOM_SID **user_gids);
00271 
00272         /* Lookup all aliases that the sids delivered are member of. This is
00273          * to implement 'domain local groups' correctly */
00274         NTSTATUS (*lookup_useraliases)(struct winbindd_domain *domain,
00275                                        TALLOC_CTX *mem_ctx,
00276                                        uint32 num_sids,
00277                                        const DOM_SID *sids,
00278                                        uint32 *num_aliases,
00279                                        uint32 **alias_rids);
00280 
00281         /* find all members of the group with the specified group_rid */
00282         NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
00283                                     TALLOC_CTX *mem_ctx,
00284                                     const DOM_SID *group_sid,
00285                                     uint32 *num_names, 
00286                                     DOM_SID **sid_mem, char ***names, 
00287                                     uint32 **name_types);
00288 
00289         /* return the current global sequence number */
00290         NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
00291 
00292         /* return the lockout policy */
00293         NTSTATUS (*lockout_policy)(struct winbindd_domain *domain, 
00294                                    TALLOC_CTX *mem_ctx,
00295                                    SAM_UNK_INFO_12 *lockout_policy);
00296  
00297         /* return the lockout policy */
00298         NTSTATUS (*password_policy)(struct winbindd_domain *domain, 
00299                                     TALLOC_CTX *mem_ctx,
00300                                     SAM_UNK_INFO_1 *password_policy);
00301  
00302         /* enumerate trusted domains */
00303         NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
00304                                     TALLOC_CTX *mem_ctx,
00305                                     uint32 *num_domains,
00306                                     char ***names,
00307                                     char ***alt_names,
00308                                     DOM_SID **dom_sids);
00309 };
00310 
00311 /* Used to glue a policy handle and cli_state together */
00312 
00313 typedef struct {
00314         struct cli_state *cli;
00315         POLICY_HND pol;
00316 } CLI_POLICY_HND;
00317 
00318 /* Filled out by IDMAP backends */
00319 struct winbindd_idmap_methods {
00320   /* Called when backend is first loaded */
00321   BOOL (*init)(void);
00322 
00323   BOOL (*get_sid_from_uid)(uid_t uid, DOM_SID *sid);
00324   BOOL (*get_sid_from_gid)(gid_t gid, DOM_SID *sid);
00325 
00326   BOOL (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid);
00327   BOOL (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid);
00328 
00329   /* Called when backend is unloaded */
00330   BOOL (*close)(void);
00331   /* Called to dump backend status */
00332   void (*status)(void);
00333 };
00334 
00335 #include "nsswitch/winbindd_proto.h"
00336 
00337 #define WINBINDD_ESTABLISH_LOOP 30
00338 #define WINBINDD_RESCAN_FREQ 300
00339 #define WINBINDD_PAM_AUTH_KRB5_RENEW_TIME 2592000 /* one month */
00340 #define DOM_SEQUENCE_NONE ((uint32)-1)
00341 
00342 #endif /* _WINBINDD_H */