root/source3/winbindd/winbindd.h

/* [<][>][^][v][top][bottom][index][help] */

INCLUDED FROM


   1 /* 
   2    Unix SMB/CIFS implementation.
   3 
   4    Winbind daemon for ntdom nss module
   5 
   6    Copyright (C) Tim Potter 2000
   7    Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
   8    
   9    This library is free software; you can redistribute it and/or
  10    modify it under the terms of the GNU Lesser General Public
  11    License as published by the Free Software Foundation; either
  12    version 3 of the License, or (at your option) any later version.
  13    
  14    This library is distributed in the hope that it will be useful,
  15    but WITHOUT ANY WARRANTY; without even the implied warranty of
  16    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  17    Library General Public License for more details.
  18    
  19    You should have received a copy of the GNU Lesser General Public License
  20    along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21 */
  22 
  23 #ifndef _WINBINDD_H
  24 #define _WINBINDD_H
  25 
  26 #include "nsswitch/winbind_struct_protocol.h"
  27 #include "nsswitch/libwbclient/wbclient.h"
  28 
  29 #ifdef HAVE_LIBNSCD
  30 #include <libnscd.h>
  31 #endif
  32 
  33 #ifdef HAVE_SYS_MMAN_H
  34 #include <sys/mman.h>
  35 #endif
  36 
  37 #undef DBGC_CLASS
  38 #define DBGC_CLASS DBGC_WINBIND
  39 
  40 #define WB_REPLACE_CHAR         '_'
  41 
  42 struct winbindd_fd_event {
  43         struct winbindd_fd_event *next, *prev;
  44         int fd;
  45         int flags; /* see EVENT_FD_* flags */
  46         void (*handler)(struct winbindd_fd_event *fde, int flags);
  47         void *data;
  48         size_t length, done;
  49         void (*finished)(void *private_data, bool success);
  50         void *private_data;
  51 };
  52 
  53 struct sid_ctr {
  54         DOM_SID *sid;
  55         bool finished;
  56         const char *domain;
  57         const char *name;
  58         enum lsa_SidType type;
  59 };
  60 
  61 struct winbindd_cli_state {
  62         struct winbindd_cli_state *prev, *next;   /* Linked list pointers */
  63         int sock;                                 /* Open socket from client */
  64         struct winbindd_fd_event fd_event;
  65         pid_t pid;                                /* pid of client */
  66         bool finished;                            /* Can delete from list */
  67         bool write_extra_data;                    /* Write extra_data field */
  68         time_t last_access;                       /* Time of last access (read or write) */
  69         bool privileged;                           /* Is the client 'privileged' */
  70 
  71         TALLOC_CTX *mem_ctx;                      /* memory per request */
  72         struct winbindd_request request;          /* Request from client */
  73         struct winbindd_response response;        /* Respose to client */
  74         bool getpwent_initialized;                /* Has getpwent_state been
  75                                                    * initialized? */
  76         bool getgrent_initialized;                /* Has getgrent_state been
  77                                                    * initialized? */
  78         struct getent_state *getpwent_state;      /* State for getpwent() */
  79         struct getent_state *getgrent_state;      /* State for getgrent() */
  80 };
  81 
  82 /* State between get{pw,gr}ent() calls */
  83 
  84 struct getent_state {
  85         struct getent_state *prev, *next;
  86         void *sam_entries;
  87         uint32 sam_entry_index, num_sam_entries;
  88         bool got_sam_entries;
  89         fstring domain_name;
  90 };
  91 
  92 /* Storage for cached getpwent() user entries */
  93 
  94 struct getpwent_user {
  95         fstring name;                        /* Account name */
  96         fstring gecos;                       /* User information */
  97         fstring homedir;                     /* User Home Directory */
  98         fstring shell;                       /* User Login Shell */
  99         DOM_SID user_sid;                    /* NT user and primary group SIDs */
 100         DOM_SID group_sid;
 101 };
 102 
 103 /* Server state structure */
 104 
 105 typedef struct {
 106         char *acct_name;
 107         char *full_name;
 108         char *homedir;
 109         char *shell;
 110         gid_t primary_gid;                   /* allow the nss_info
 111                                                 backend to set the primary group */
 112         DOM_SID user_sid;                    /* NT user and primary group SIDs */
 113         DOM_SID group_sid;
 114 } WINBIND_USERINFO;
 115 
 116 /* Our connection to the DC */
 117 
 118 struct winbindd_cm_conn {
 119         struct cli_state *cli;
 120 
 121         struct rpc_pipe_client *samr_pipe;
 122         struct policy_handle sam_connect_handle, sam_domain_handle;
 123 
 124         struct rpc_pipe_client *lsa_pipe;
 125         struct rpc_pipe_client *lsa_pipe_tcp;
 126         struct policy_handle lsa_policy;
 127 
 128         struct rpc_pipe_client *netlogon_pipe;
 129 };
 130 
 131 struct winbindd_async_request;
 132 
 133 /* Async child */
 134 
 135 struct winbindd_domain;
 136 
 137 struct winbindd_child_dispatch_table {
 138         const char *name;
 139         enum winbindd_cmd struct_cmd;
 140         enum winbindd_result (*struct_fn)(struct winbindd_domain *domain,
 141                                           struct winbindd_cli_state *state);
 142 };
 143 
 144 struct winbindd_child {
 145         struct winbindd_child *next, *prev;
 146 
 147         pid_t pid;
 148         struct winbindd_domain *domain;
 149         char *logfilename;
 150 
 151         struct winbindd_fd_event event;
 152         struct timed_event *lockout_policy_event;
 153         struct timed_event *machine_password_change_event;
 154         struct winbindd_async_request *requests;
 155 
 156         const struct winbindd_child_dispatch_table *table;
 157 };
 158 
 159 /* Structures to hold per domain information */
 160 
 161 struct winbindd_domain {
 162         fstring name;                          /* Domain name (NetBIOS) */
 163         fstring alt_name;                      /* alt Domain name, if any (FQDN for ADS) */
 164         fstring forest_name;                   /* Name of the AD forest we're in */
 165         DOM_SID sid;                           /* SID for this domain */
 166         uint32 domain_flags;                   /* Domain flags from netlogon.h */
 167         uint32 domain_type;                    /* Domain type from netlogon.h */
 168         uint32 domain_trust_attribs;           /* Trust attribs from netlogon.h */
 169         bool initialized;                      /* Did we already ask for the domain mode? */
 170         bool native_mode;                      /* is this a win2k domain in native mode ? */
 171         bool active_directory;                 /* is this a win2k active directory ? */
 172         bool primary;                          /* is this our primary domain ? */
 173         bool internal;                         /* BUILTIN and member SAM */
 174         bool online;                           /* is this domain available ? */
 175         time_t startup_time;                   /* When we set "startup" true. */
 176         bool startup;                          /* are we in the first 30 seconds after startup_time ? */
 177 
 178         bool can_do_samlogon_ex; /* Due to the lack of finer control what type
 179                                   * of DC we have, let us try to do a
 180                                   * credential-chain less samlogon_ex call
 181                                   * with AD and schannel. If this fails with
 182                                   * DCERPC_FAULT_OP_RNG_ERROR, then set this
 183                                   * to False. This variable is around so that
 184                                   * we don't have to try _ex every time. */
 185 
 186         bool can_do_ncacn_ip_tcp;
 187 
 188         /* Lookup methods for this domain (LDAP or RPC) */
 189         struct winbindd_methods *methods;
 190 
 191         /* the backend methods are used by the cache layer to find the right
 192            backend */
 193         struct winbindd_methods *backend;
 194 
 195         /* Private data for the backends (used for connection cache) */
 196 
 197         void *private_data;
 198 
 199         /*
 200          * idmap config settings, used to tell the idmap child which
 201          * special domain config to use for a mapping
 202          */
 203         bool have_idmap_config;
 204         uint32_t id_range_low, id_range_high;
 205 
 206         /* A working DC */
 207         pid_t dc_probe_pid; /* Child we're using to detect the DC. */
 208         fstring dcname;
 209         struct sockaddr_storage dcaddr;
 210 
 211         /* Sequence number stuff */
 212 
 213         time_t last_seq_check;
 214         uint32 sequence_number;
 215         NTSTATUS last_status;
 216 
 217         /* The smb connection */
 218 
 219         struct winbindd_cm_conn conn;
 220 
 221         /* The child pid we're talking to */
 222 
 223         struct winbindd_child child;
 224 
 225         /* Callback we use to try put us back online. */
 226 
 227         uint32 check_online_timeout;
 228         struct timed_event *check_online_event;
 229 
 230         /* Linked list info */
 231 
 232         struct winbindd_domain *prev, *next;
 233 };
 234 
 235 /* per-domain methods. This is how LDAP vs RPC is selected
 236  */
 237 struct winbindd_methods {
 238         /* does this backend provide a consistent view of the data? (ie. is the primary group
 239            always correct) */
 240         bool consistent;
 241 
 242         /* get a list of users, returning a WINBIND_USERINFO for each one */
 243         NTSTATUS (*query_user_list)(struct winbindd_domain *domain,
 244                                    TALLOC_CTX *mem_ctx,
 245                                    uint32 *num_entries, 
 246                                    WINBIND_USERINFO **info);
 247 
 248         /* get a list of domain groups */
 249         NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain,
 250                                     TALLOC_CTX *mem_ctx,
 251                                     uint32 *num_entries, 
 252                                     struct acct_info **info);
 253 
 254         /* get a list of domain local groups */
 255         NTSTATUS (*enum_local_groups)(struct winbindd_domain *domain,
 256                                     TALLOC_CTX *mem_ctx,
 257                                     uint32 *num_entries, 
 258                                     struct acct_info **info);
 259                                     
 260         /* convert one user or group name to a sid */
 261         NTSTATUS (*name_to_sid)(struct winbindd_domain *domain,
 262                                 TALLOC_CTX *mem_ctx,
 263                                 enum winbindd_cmd orig_cmd,
 264                                 const char *domain_name,
 265                                 const char *name,
 266                                 DOM_SID *sid,
 267                                 enum lsa_SidType *type);
 268 
 269         /* convert a sid to a user or group name */
 270         NTSTATUS (*sid_to_name)(struct winbindd_domain *domain,
 271                                 TALLOC_CTX *mem_ctx,
 272                                 const DOM_SID *sid,
 273                                 char **domain_name,
 274                                 char **name,
 275                                 enum lsa_SidType *type);
 276 
 277         NTSTATUS (*rids_to_names)(struct winbindd_domain *domain,
 278                                   TALLOC_CTX *mem_ctx,
 279                                   const DOM_SID *domain_sid,
 280                                   uint32 *rids,
 281                                   size_t num_rids,
 282                                   char **domain_name,
 283                                   char ***names,
 284                                   enum lsa_SidType **types);
 285 
 286         /* lookup user info for a given SID */
 287         NTSTATUS (*query_user)(struct winbindd_domain *domain, 
 288                                TALLOC_CTX *mem_ctx, 
 289                                const DOM_SID *user_sid,
 290                                WINBIND_USERINFO *user_info);
 291 
 292         /* lookup all groups that a user is a member of. The backend
 293            can also choose to lookup by username or rid for this
 294            function */
 295         NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
 296                                       TALLOC_CTX *mem_ctx,
 297                                       const DOM_SID *user_sid,
 298                                       uint32 *num_groups, DOM_SID **user_gids);
 299 
 300         /* Lookup all aliases that the sids delivered are member of. This is
 301          * to implement 'domain local groups' correctly */
 302         NTSTATUS (*lookup_useraliases)(struct winbindd_domain *domain,
 303                                        TALLOC_CTX *mem_ctx,
 304                                        uint32 num_sids,
 305                                        const DOM_SID *sids,
 306                                        uint32 *num_aliases,
 307                                        uint32 **alias_rids);
 308 
 309         /* find all members of the group with the specified group_rid */
 310         NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
 311                                     TALLOC_CTX *mem_ctx,
 312                                     const DOM_SID *group_sid,
 313                                     uint32 *num_names, 
 314                                     DOM_SID **sid_mem, char ***names, 
 315                                     uint32 **name_types);
 316 
 317         /* return the current global sequence number */
 318         NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
 319 
 320         /* return the lockout policy */
 321         NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
 322                                    TALLOC_CTX *mem_ctx,
 323                                    struct samr_DomInfo12 *lockout_policy);
 324 
 325         /* return the lockout policy */
 326         NTSTATUS (*password_policy)(struct winbindd_domain *domain,
 327                                     TALLOC_CTX *mem_ctx,
 328                                     struct samr_DomInfo1 *password_policy);
 329 
 330         /* enumerate trusted domains */
 331         NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
 332                                     TALLOC_CTX *mem_ctx,
 333                                     uint32 *num_domains,
 334                                     char ***names,
 335                                     char ***alt_names,
 336                                     DOM_SID **dom_sids);
 337 };
 338 
 339 /* Filled out by IDMAP backends */
 340 struct winbindd_idmap_methods {
 341   /* Called when backend is first loaded */
 342   bool (*init)(void);
 343 
 344   bool (*get_sid_from_uid)(uid_t uid, DOM_SID *sid);
 345   bool (*get_sid_from_gid)(gid_t gid, DOM_SID *sid);
 346 
 347   bool (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid);
 348   bool (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid);
 349 
 350   /* Called when backend is unloaded */
 351   bool (*close)(void);
 352   /* Called to dump backend status */
 353   void (*status)(void);
 354 };
 355 
 356 /* Data structures for dealing with the trusted domain cache */
 357 
 358 struct winbindd_tdc_domain {
 359         const char *domain_name;
 360         const char *dns_name;
 361         DOM_SID sid;
 362         uint32 trust_flags;
 363         uint32 trust_attribs;
 364         uint32 trust_type;
 365 };
 366 
 367 /* Switch for listing users or groups */
 368 enum ent_type {
 369         LIST_USERS = 0,
 370         LIST_GROUPS,
 371 };
 372 
 373 struct WINBINDD_MEMORY_CREDS {
 374         struct WINBINDD_MEMORY_CREDS *next, *prev;
 375         const char *username; /* lookup key. */
 376         uid_t uid;
 377         int ref_count;
 378         size_t len;
 379         uint8_t *nt_hash; /* Base pointer for the following 2 */
 380         uint8_t *lm_hash;
 381         char *pass;
 382 };
 383 
 384 struct WINBINDD_CCACHE_ENTRY {
 385         struct WINBINDD_CCACHE_ENTRY *next, *prev;
 386         const char *principal_name;
 387         const char *ccname;
 388         const char *service;
 389         const char *username;
 390         const char *realm;
 391         struct WINBINDD_MEMORY_CREDS *cred_ptr;
 392         int ref_count;
 393         uid_t uid;
 394         time_t create_time;
 395         time_t renew_until;
 396         time_t refresh_time;
 397         struct timed_event *event;
 398 };
 399 
 400 #include "winbindd/winbindd_proto.h"
 401 
 402 #define WINBINDD_ESTABLISH_LOOP 30
 403 #define WINBINDD_RESCAN_FREQ lp_winbind_cache_time()
 404 #define WINBINDD_PAM_AUTH_KRB5_RENEW_TIME 2592000 /* one month */
 405 #define DOM_SEQUENCE_NONE ((uint32)-1)
 406 
 407 #define IS_DOMAIN_OFFLINE(x) ( lp_winbind_offline_logon() && \
 408                                ( get_global_winbindd_state_offline() \
 409                                  || !(x)->online ) )
 410 #define IS_DOMAIN_ONLINE(x) (!IS_DOMAIN_OFFLINE(x))
 411 
 412 #endif /* _WINBINDD_H */

/* [<][>][^][v][top][bottom][index][help] */