nsswitch/winbindd_nss.h

00001 /* 
00002    Unix SMB/CIFS implementation.
00003 
00004    Winbind daemon for ntdom nss module
00005 
00006    Copyright (C) Tim Potter 2000
00007    Copyright (C) Gerald Carter 2006
00008    
00009    You are free to use this interface definition in any way you see
00010    fit, including without restriction, using this header in your own
00011    products. You do not need to give any attribution.  
00012 */
00013 
00014 
00015 #ifndef CONST_DISCARD
      /* Cast ptr to type by way of void *, which drops a const qualifier without
         a compiler warning. Writing through the result is undefined behaviour
         when the object it points to was defined const. Only defined here if no
         earlier header already defined it. */
00016 #define CONST_DISCARD(type, ptr)      ((type) ((void *) (ptr)))
00017 #endif
00018 
00019 #ifndef CONST_ADD
      /* Cast ptr to type by way of const void *. Only defined here if no earlier
         header already defined it. */
00020 #define CONST_ADD(type, ptr)          ((type) ((const void *) (ptr)))
00021 #endif
00022 
00023 #ifndef SAFE_FREE
      /* Free x when it is non-NULL and then set it to NULL, so the stale pointer
         cannot be freed or dereferenced again through the same variable.
         x is expanded three times and is not parenthesised: pass only a plain
         pointer lvalue with no side effects. free() must already be declared by
         the includer; no #include appears in this listing. */
00024 #define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
00025 #endif
00026 
00027 #ifndef _WINBINDD_NTDOM_H
00028 #define _WINBINDD_NTDOM_H
00029 
00030 #define WINBINDD_SOCKET_NAME "pipe"            /* Name of PF_UNIX socket */
00031 #define WINBINDD_SOCKET_DIR  "/var/run/winbindd"  /* Name of PF_UNIX dir */
00032 #define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
      /* NOTE(review): nothing in this header limits who may open the privileged
         pipe; presumably the permissions on that subdirectory do -- confirm
         where the daemon creates it. */
00033 #define WINBINDD_DOMAIN_ENV  "WINBINDD_DOMAIN" /* Environment variables */
00034 #define WINBINDD_DONT_ENV    "_NO_WINBINDD"
      /* Both names above are environment variables and so are set by whoever
         starts the process; how they are consumed is not shown in this header. */
00035 
00036 /* Update this when you change the interface.  */
      /* "The interface" includes the order of enum winbindd_cmd and the layout of
         struct winbindd_request / struct winbindd_response below. */
00037 
00038 #define WINBIND_INTERFACE_VERSION 18
00039 
00040 /* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
00041    On a 64bit Linux box, we have to support a constant structure size
00042    between /lib/libnss_winbind.so.2 and /lib64/libnss_winbind.so.2.
00043    The easiest way to do this is to always use 8byte values for time_t. */
      /* NOTE(review): defined(int64) is true only when int64 is a preprocessor
         macro. If int64 is provided as a typedef the #else branch is taken and
         SMB_TIME_T becomes time_t, whose size is not guaranteed to be 8 bytes --
         confirm how int64 is declared in the builds that must interoperate. */
00044 
00045 #if defined(int64)
00046 #  define SMB_TIME_T int64
00047 #else
00048 #  define SMB_TIME_T time_t
00049 #endif
00050 
00051 /* Socket commands */
00052 
00053 enum winbindd_cmd {
              /* Command codes carried in struct winbindd_request.cmd.
                 No enumerator has an explicit value: each takes its position in
                 this list, starting at 0. Inserting, removing or reordering an
                 entry renumbers every later command, which is an interface
                 change (see WINBIND_INTERFACE_VERSION).
                 NOTE(review): cmd is filled in by the sender of the request, so a
                 receiver should reject values outside [0, WINBINDD_NUM_CMDS)
                 before using cmd to select a handler. */
00054 
00055         WINBINDD_INTERFACE_VERSION,    /* Always a well known value */
00056 
00057         /* Get users and groups */
00058 
00059         WINBINDD_GETPWNAM,
00060         WINBINDD_GETPWUID,
00061         WINBINDD_GETGRNAM,
00062         WINBINDD_GETGRGID,
00063         WINBINDD_GETGROUPS,
00064 
00065         /* Enumerate users and groups */
00066 
00067         WINBINDD_SETPWENT,
00068         WINBINDD_ENDPWENT,
00069         WINBINDD_GETPWENT,
00070         WINBINDD_SETGRENT,
00071         WINBINDD_ENDGRENT,
00072         WINBINDD_GETGRENT,
00073 
00074         /* PAM authenticate and password change */
00075 
00076         WINBINDD_PAM_AUTH,
00077         WINBINDD_PAM_AUTH_CRAP,
00078         WINBINDD_PAM_CHAUTHTOK,
00079         WINBINDD_PAM_LOGOFF,
00080         WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,
00081 
00082         /* List various things */
00083 
00084         WINBINDD_LIST_USERS,         /* List w/o rid->id mapping */
00085         WINBINDD_LIST_GROUPS,        /* Ditto */
00086         WINBINDD_LIST_TRUSTDOM,
00087 
00088         /* SID conversion */
00089 
00090         WINBINDD_LOOKUPSID,
00091         WINBINDD_LOOKUPNAME,
00092         WINBINDD_LOOKUPRIDS,
00093 
00094         /* Lookup functions */
00095 
00096         WINBINDD_SID_TO_UID,       
00097         WINBINDD_SID_TO_GID,
00098         WINBINDD_SIDS_TO_XIDS,
00099         WINBINDD_UID_TO_SID,
00100         WINBINDD_GID_TO_SID,
00101 
              /* NOTE(review): the next four names suggest they change id-mapping
                 state rather than read it; whether they are restricted to the
                 privileged pipe is not visible in this header -- confirm. */
00102         WINBINDD_ALLOCATE_UID,
00103         WINBINDD_ALLOCATE_GID,
00104         WINBINDD_SET_MAPPING,
00105         WINBINDD_SET_HWM,
00106 
00107         /* Miscellaneous other stuff */
00108 
00109         WINBINDD_DUMP_MAPS,
00110 
00111         WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */
00112         WINBINDD_PING,              /* Just tell me winbind is running */
00113         WINBINDD_INFO,              /* Various bit of info.  Currently just tidbits */
00114         WINBINDD_DOMAIN_NAME,       /* The domain this winbind server is a member of (lp_workgroup()) */
00115 
00116         WINBINDD_DOMAIN_INFO,   /* Most of what we know from
00117                                    struct winbindd_domain */
00118         WINBINDD_GETDCNAME,     /* Issue a GetDCName Request */
00119 
00120         WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
00121 
00122         /* WINS commands */
00123 
00124         WINBINDD_WINS_BYIP,
00125         WINBINDD_WINS_BYNAME,
00126 
00127         /* this is like GETGRENT but gives an empty group list */
00128         WINBINDD_GETGRLST,
00129 
00130         WINBINDD_NETBIOS_NAME,       /* The netbios name of the server */
00131 
00132         /* find the location of our privileged pipe */
00133         WINBINDD_PRIV_PIPE_DIR,
00134 
00135         /* return a list of group sids for a user sid */
00136         WINBINDD_GETUSERSIDS,
00137 
00138         /* Various group queries */
00139         WINBINDD_GETUSERDOMGROUPS,
00140 
00141         /* Initialize connection in a child */
00142         WINBINDD_INIT_CONNECTION,
00143 
00144         /* Blocking calls that are not allowed on the main winbind pipe, only
00145          * between parent and children */
              /* NOTE(review): the enum cannot enforce that restriction. The code
                 that reads the client-facing socket has to refuse the
                 WINBINDD_DUAL_* values explicitly -- confirm in the dispatcher. */
00146         WINBINDD_DUAL_SID2UID,
00147         WINBINDD_DUAL_SID2GID,
00148         WINBINDD_DUAL_SIDS2XIDS,
00149         WINBINDD_DUAL_UID2SID,
00150         WINBINDD_DUAL_GID2SID,
00151         WINBINDD_DUAL_SET_MAPPING,
00152         WINBINDD_DUAL_SET_HWM,
00153         WINBINDD_DUAL_DUMP_MAPS,
00154 
00155         /* Wrapper around possibly blocking unix nss calls */
00156         WINBINDD_DUAL_UID2NAME,
00157         WINBINDD_DUAL_NAME2UID,
00158         WINBINDD_DUAL_GID2NAME,
00159         WINBINDD_DUAL_NAME2GID,
00160 
00161         WINBINDD_DUAL_USERINFO,
00162         WINBINDD_DUAL_GETSIDALIASES,
00163 
00164         /* Complete the challenge phase of the NTLM authentication
00165            protocol using cached password. */
00166         WINBINDD_CCACHE_NTLMAUTH,
00167 
              /* Equals the number of commands listed above; usable as the
                 exclusive upper bound when range-checking cmd. */
00168         WINBINDD_NUM_CMDS
00169 };
00170 
00171 typedef struct winbindd_pw {
              /* Password-database entry as returned in struct
                 winbindd_response.data.pw (getpwnam, getpwuid).
                 fstring is declared outside this header; presumably a fixed-size
                 char array -- TODO confirm.
                 NOTE(review): a reader of this struct off the socket should force
                 NUL termination of each string before treating it as a C string. */
00172         fstring pw_name;
00173         fstring pw_passwd;
00174         uid_t pw_uid;
00175         gid_t pw_gid;
00176         fstring pw_gecos;
00177         fstring pw_dir;
00178         fstring pw_shell;
00179 } WINBINDD_PW;
00180 
00181 
00182 typedef struct winbindd_gr {
              /* Group-database entry as returned in struct
                 winbindd_response.data.gr (getgrnam, getgrgid).
                 NOTE(review): num_gr_mem and gr_mem_ofs arrive over the socket.
                 The member list presumably lives in the response's extra data, so
                 the offset and count need a bounds check against the amount of
                 extra data actually received before they are used -- confirm in
                 the consumer. */
00183         fstring gr_name;
00184         fstring gr_passwd;
00185         gid_t gr_gid;
00186         uint32 num_gr_mem;
00187         uint32 gr_mem_ofs;   /* offset to group membership */
00188 } WINBINDD_GR;
00189 
00190 
      /* Single-bit flags, presumably OR-ed into struct winbindd_request.flags --
         TODO confirm. Bit 0x0040 is not assigned in this list. */
00191 #define WBFLAG_PAM_INFO3_NDR            0x0001
00192 #define WBFLAG_PAM_INFO3_TEXT           0x0002
00193 #define WBFLAG_PAM_USER_SESSION_KEY     0x0004
00194 #define WBFLAG_PAM_LMKEY                0x0008
00195 #define WBFLAG_PAM_CONTACT_TRUSTDOM     0x0010
00196 #define WBFLAG_QUERY_ONLY               0x0020
00197 #define WBFLAG_PAM_UNIX_NAME            0x0080
00198 #define WBFLAG_PAM_AFS_TOKEN            0x0100
00199 #define WBFLAG_PAM_NT_STATUS_SQUASH     0x0200
00200 
00201 /* This is a flag that can only be sent from parent to child */
      /* NOTE(review): the flags word of a request is written by the sender, so
         this rule holds only if the code reading the client-facing socket clears
         or rejects WBFLAG_IS_PRIVILEGED on incoming requests -- confirm there.
         The same question applies to the internal-only WBFLAG_RECURSE below. */
00202 #define WBFLAG_IS_PRIVILEGED            0x0400
00203 /* Flag to say this is a winbindd internal send - don't recurse. */
00204 #define WBFLAG_RECURSE                  0x0800
00205 
00206 #define WBFLAG_PAM_KRB5                 0x1000
00207 #define WBFLAG_PAM_FALLBACK_AFTER_KRB5  0x2000
00208 #define WBFLAG_PAM_CACHED_LOGIN         0x4000
00209 #define WBFLAG_PAM_GET_PWD_POLICY       0x8000
00210 
      /* 128 KiB. Presumably the upper bound a receiver applies to
         winbindd_request.extra_len before allocating -- TODO confirm. */
00211 #define WINBINDD_MAX_EXTRA_DATA (128*1024)
00212 
00213 /* Winbind request structure */
00214 
00215 /*******************************************************************************
00216  * This structure MUST be the same size in the 32bit and 64bit builds
00217  * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
00218  * 
00219  * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
00220  * A 64BIT WINBINDD    --jerry
00221  ******************************************************************************/
00222 
00223 struct winbindd_request {
              /* Fixed-size request written to the winbindd socket; which member
                 of the data union is meaningful depends on cmd.
                 NOTE(review): every field is filled in by the sender. A receiver
                 should treat lengths, flags, pid and all strings as unverified
                 input; fstring/pstring members are not guaranteed to arrive
                 NUL-terminated. The layout also depends on the sizes of
                 enum winbindd_cmd, pid_t and uid_t being equal in the 32bit and
                 64bit builds. */
00224         uint32 length;           /* NOTE(review): presumably the size of this struct as the sender sees it; compare before trusting the rest -- confirm */
00225         enum winbindd_cmd cmd;   /* Winbindd command to execute */
00226         pid_t pid;               /* pid of calling process (as reported by the caller, not verified by this struct) */
00227         uint32 flags;            /* flags relevant to a given request */
00228         fstring domain_name;    /* name of domain for which the request applies */
00229 
00230         union {
00231                 fstring winsreq;     /* WINS request */
00232                 fstring username;    /* getpwnam */
00233                 fstring groupname;   /* getgrnam */
00234                 uid_t uid;           /* getpwuid, uid_to_sid */
00235                 gid_t gid;           /* getgrgid, gid_to_sid */
00236                 struct {
00237                         /* We deliberately don't split into domain/user to
00238                            avoid having the client know what the separator
00239                            character is. */     
00240                         fstring user;
00241                         fstring pass;   /* NOTE(review): looks like a cleartext password; wipe the buffer once it has been used -- confirm */
00242                         pstring require_membership_of_sid;
00243                         fstring krb5_cc_type;
00244                         uid_t uid;
00245                 } auth;              /* pam_winbind auth module */
00246                 struct {
00247                         unsigned char chal[8];
00248                         uint32 logon_parameters;
00249                         fstring user;
00250                         fstring domain;
00251                         fstring lm_resp;
00252                         uint32 lm_resp_len;   /* sender-supplied: check against sizeof(lm_resp) before copying */
00253                         fstring nt_resp;
00254                         uint32 nt_resp_len;   /* sender-supplied: check against sizeof(nt_resp) before copying */
00255                         fstring workstation;
00256                         fstring require_membership_of_sid;
00257                 } auth_crap;
00258                 struct {
00259                     fstring user;
00260                     fstring oldpass;   /* NOTE(review): oldpass/newpass look like cleartext passwords; wipe after use -- confirm */
00261                     fstring newpass;
00262                 } chauthtok;         /* pam_winbind passwd module */
00263                 struct {
00264                         fstring user;
00265                         fstring domain;
                              /* Each *_len below is sender-supplied and should be
                                 checked against the size of the array it describes
                                 (516 or 16 bytes) before the array is read. */
00266                         unsigned char new_nt_pswd[516];
00267                         uint16  new_nt_pswd_len;
00268                         unsigned char old_nt_hash_enc[16];
00269                         uint16  old_nt_hash_enc_len;
00270                         unsigned char new_lm_pswd[516];
00271                         uint16  new_lm_pswd_len;
00272                         unsigned char old_lm_hash_enc[16];
00273                         uint16  old_lm_hash_enc_len;
00274                 } chng_pswd_auth_crap;/* pam_winbind passwd module */
00275                 struct {
00276                         fstring user;
00277                         fstring krb5ccname;
00278                         uid_t uid;
00279                 } logoff;              /* pam_winbind session module */
00280                 fstring sid;         /* lookupsid, sid_to_[ug]id */
00281                 struct {
00282                         fstring dom_name;       /* lookupname */
00283                         fstring name;       
00284                 } name;
00285                 uint32 num_entries;  /* getpwent, getgrent */
00286                 struct {
00287                         fstring username;
00288                         fstring groupname;
00289                 } acct_mgt;
00290                 struct {
00291                         BOOL is_primary;
00292                         fstring dcname;
00293                 } init_conn;
00294                 struct {
00295                         fstring sid;
00296                         fstring name;
00297                 } dual_sid2id;
00298                 struct {
00299                         fstring sid;
00300                         uint32 type;
00301                         uint32 id;
00302                 } dual_idmapset;
00303                 BOOL list_all_domains;
00304 
00305                 struct {
00306                         uid_t uid;
00307                         fstring user;
00308                         /* the effective uid of the client, must be the uid for 'user'.
00309                            This is checked by the main daemon, trusted by children. */
00310                         /* if the blobs are length zero, then this doesn't
00311                            produce an actual challenge response. It merely
00312                            succeeds if there are cached credentials available
00313                            that could be used. */
                              /* NOTE(review): both lengths are sender-supplied; their
                                 sum should be checked against extra_len (without
                                 uint32 wrap-around) before the blobs are read. */
00314                         uint32 initial_blob_len; /* blobs in extra_data */
00315                         uint32 challenge_blob_len;
00316                 } ccache_ntlm_auth;
00317 
00318                 /* padding -- needed to fix alignment between 32bit and 64bit libs.
00319                    The size is the sizeof the union without the padding aligned on 
00320                    an 8 byte boundary.   --jerry */
                      /* The union is at least 1800 bytes because of this member; a new
                         member larger than that would change the request size. */
00321 
00322                 char padding[1800];
00323         } data;
00324         union {
00325                 SMB_TIME_T padding;
                      /* NOTE(review): a pointer value read from the socket belongs to
                         the sender's address space. Presumably the receiver overwrites
                         data with a buffer it allocated itself before any dereference
                         -- confirm. */
00326                 char *data;
00327         } extra_data;
00328         uint32 extra_len;        /* NOTE(review): presumably the byte count of extra_data; bound it (see WINBINDD_MAX_EXTRA_DATA) before allocating -- confirm */
00329         char null_term;          /* NOTE(review): presumably forced to '\0' by the receiver as a terminator of last resort -- confirm */
00330 };
00331 
00332 /* Response values */
00333 
00334 enum winbindd_result {
              /* Result code carried in struct winbindd_response.result.
                 Values are implicit: WINBINDD_ERROR is 0, WINBINDD_PENDING is 1,
                 WINBINDD_OK is 2. A zero-filled response therefore reads as
                 WINBINDD_ERROR. Callers should test for == WINBINDD_OK; testing
                 for != WINBINDD_ERROR would also accept WINBINDD_PENDING. */
00335         WINBINDD_ERROR,
00336         WINBINDD_PENDING,
00337         WINBINDD_OK
00338 };
00339 
00340 /* Winbind response structure */
00341 
00342 /*******************************************************************************
00343  * This structure MUST be the same size in the 32bit and 64bit builds
00344  * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
00345  * 
00346  * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
00347  * A 64BIT WINBINDD    --jerry
00348  ******************************************************************************/
00349 
00350 struct winbindd_response {
              /* Fixed-size reply to a struct winbindd_request, optionally followed
                 by variable-length data reached through extra_data.
                 The data union has no tag of its own: which member is valid
                 follows from the command that was sent. Unlike the request, this
                 union has no explicit padding member, so its size is that of its
                 largest member. */
00351     
00352         /* Header information */
00353 
00354         uint32 length;                        /* Length of response */
00355         enum winbindd_result result;          /* Result code */
00356 
00357         /* Fixed length return data */
00358         
00359         union {
00360                 int interface_version;  /* Try to ensure this is always in the same spot... */
00361                 
00362                 fstring winsresp;               /* WINS response */
00363 
00364                 /* getpwnam, getpwuid */
00365                 
00366                 struct winbindd_pw pw;
00367 
00368                 /* getgrnam, getgrgid */
00369 
00370                 struct winbindd_gr gr;
00371 
00372                 uint32 num_entries; /* getpwent, getgrent */
00373                 struct winbindd_sid {
00374                         fstring sid;        /* lookupname, [ug]id_to_sid */
00375                         int type;
00376                 } sid;
00377                 struct winbindd_name {
00378                         fstring dom_name;       /* lookupsid */
00379                         fstring name;       
00380                         int type;
00381                 } name;
00382                 uid_t uid;          /* sid_to_uid */
00383                 gid_t gid;          /* sid_to_gid */
00384                 struct winbindd_info {
00385                         char winbind_separator;
00386                         fstring samba_version;
00387                 } info;
00388                 fstring domain_name;
00389                 fstring netbios_name;
00390                 fstring dc_name;
00391 
00392                 struct auth_reply {
00393                         uint32 nt_status;
00394                         fstring nt_status_string;
00395                         fstring error_string;
00396                         int pam_error;
                              /* NOTE(review): the next two fields look like key
                                 material handed back to the caller; presumably only
                                 filled when WBFLAG_PAM_USER_SESSION_KEY /
                                 WBFLAG_PAM_LMKEY was requested, and worth wiping
                                 once consumed -- confirm. */
00397                         char user_session_key[16];
00398                         char first_8_lm_hash[8];
00399                         fstring krb5ccname;
00400                         uint32 reject_reason;
00401                         uint32 padding;
00402                         struct policy_settings {
00403                                 uint32 min_length_password;
00404                                 uint32 password_history;
00405                                 uint32 password_properties;
00406                                 uint32 padding;
00407                                 SMB_TIME_T expire;
00408                                 SMB_TIME_T min_passwordage;
00409                         } policy;
00410                         struct info3_text {
00411                                 SMB_TIME_T logon_time;
00412                                 SMB_TIME_T logoff_time;
00413                                 SMB_TIME_T kickoff_time;
00414                                 SMB_TIME_T pass_last_set_time;
00415                                 SMB_TIME_T pass_can_change_time;
00416                                 SMB_TIME_T pass_must_change_time;
00417                                 uint32 logon_count;
00418                                 uint32 bad_pw_count;
00419                                 uint32 user_rid;
00420                                 uint32 group_rid;
00421                                 uint32 num_groups;
00422                                 uint32 user_flgs;
00423                                 uint32 acct_flags;
00424                                 uint32 num_other_sids;
00425                                 fstring dom_sid;
00426                                 fstring user_name;
00427                                 fstring full_name;
00428                                 fstring logon_script;
00429                                 fstring profile_path;
00430                                 fstring home_dir;
00431                                 fstring dir_drive;
00432                                 fstring logon_srv;
00433                                 fstring logon_dom;
00434                         } info3;
00435                 } auth;
00436                 struct {
00437                         fstring name;
00438                         fstring alt_name;
00439                         fstring sid;
00440                         BOOL native_mode;
00441                         BOOL active_directory;
00442                         BOOL primary;
00443                         uint32 sequence_number;
00444                 } domain_info;
00445                 struct {
00446                         fstring acct_name;
00447                         fstring full_name;
00448                         fstring homedir;
00449                         fstring shell;
00450                         uint32 primary_gid;                     
00451                         uint32 group_rid;
00452                 } user_info;
00453                 struct {
00454                         uint32 auth_blob_len; /* blob in extra_data */
00455                 } ccache_ntlm_auth;
00456         } data;
00457 
00458         /* Variable length return data */
00459 
00460         union {
00461                 SMB_TIME_T padding;
                      /* NOTE(review): the pointer value written by the sender means
                         nothing to the reader. Presumably the reader derives the
                         extra-data size from length, allocates its own buffer and
                         stores it here; length and auth_blob_len need checking
                         against what was actually received -- confirm. */
00462                 void *data;
00463         } extra_data;
00464 };
00465 
00466 struct WINBINDD_MEMORY_CREDS {
              /* Node of a doubly linked list (next/prev) of credentials kept in
                 memory, looked up by username. It holds pointers, so it is not
                 itself a wire structure.
                 NOTE(review): nt_hash, lm_hash and pass reference password
                 material. Per the comment on nt_hash it is the base pointer for
                 the other two, so presumably one allocation of len bytes; the
                 owner should zero that region before freeing it and keep it out
                 of swap and core dumps -- confirm in the code that manages
                 ref_count. */
00467         struct WINBINDD_MEMORY_CREDS *next, *prev;
00468         const char *username; /* lookup key. */
00469         uid_t uid;
00470         int ref_count;
00471         size_t len;
00472         unsigned char *nt_hash; /* Base pointer for the following 2 */
00473         unsigned char *lm_hash;
00474         char *pass;
00475 };
00476 
00477 struct WINBINDD_CCACHE_ENTRY {
              /* Node of a doubly linked list (next/prev) describing one
                 credential cache: principal, cache name, service, user, realm,
                 owning uid and three timestamps.
                 cred_ptr links the entry to a struct WINBINDD_MEMORY_CREDS.
                 NOTE(review): whether this entry holds a counted reference on
                 cred_ptr, and what event triggers, is not visible in this header
                 -- confirm before freeing either object independently. */
00478         struct WINBINDD_CCACHE_ENTRY *next, *prev;
00479         const char *principal_name;
00480         const char *ccname;
00481         const char *service;
00482         const char *username;
00483         const char *realm;
00484         struct WINBINDD_MEMORY_CREDS *cred_ptr;
00485         int ref_count;
00486         uid_t uid;
00487         time_t create_time;
00488         time_t renew_until;
00489         time_t refresh_time;
00490         struct timed_event *event;
00491 };
00492 
00493 #endif
