search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
winbindd: add event based machine password change.
[Samba/gebeck_regimport.git] / source3 / winbindd / winbindd.h
blob04b0b39f81a75342889ba60adc8cf5aee1064031
1 /*
2 Unix SMB/CIFS implementation.
3
4 Winbind daemon for ntdom nss module
5
6 Copyright (C) Tim Potter 2000
7 Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
8
9 This library is free software; you can redistribute it and/or
10 modify it under the terms of the GNU Lesser General Public
11 License as published by the Free Software Foundation; either
12 version 3 of the License, or (at your option) any later version.
13
14 This library is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Library General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22
23 #ifndef _WINBINDD_H
24 #define _WINBINDD_H
25
26 #include "nsswitch/winbind_struct_protocol.h"
27 #include "nsswitch/libwbclient/wbclient.h"
28
29 #ifdef HAVE_LIBNSCD
30 #include <libnscd.h>
31 #endif
32
33 #ifdef HAVE_SYS_MMAN_H
34 #include <sys/mman.h>
35 #endif
36
37 #undef DBGC_CLASS
38 #define DBGC_CLASS DBGC_WINBIND
39
40 #define WB_REPLACE_CHAR '_'
41
42 /* bits for fd_event.flags */
43 #define EVENT_FD_READ 1
44 #define EVENT_FD_WRITE 2
45
46 struct fd_event {
47 struct fd_event *next, *prev;
48 int fd;
49 int flags; /* see EVENT_FD_* flags */
50 void (*handler)(struct fd_event *fde, int flags);
51 void *data;
52 size_t length, done;
53 void (*finished)(void *private_data, bool success);
54 void *private_data;
55 };
56
57 struct sid_ctr {
58 DOM_SID *sid;
59 bool finished;
60 const char *domain;
61 const char *name;
62 enum lsa_SidType type;
63 };
64
65 struct winbindd_cli_state {
66 struct winbindd_cli_state *prev, *next; /* Linked list pointers */
67 int sock; /* Open socket from client */
68 struct fd_event fd_event;
69 pid_t pid; /* pid of client */
70 bool finished; /* Can delete from list */
71 bool write_extra_data; /* Write extra_data field */
72 time_t last_access; /* Time of last access (read or write) */
73 bool privileged; /* Is the client 'privileged' */
74
75 TALLOC_CTX *mem_ctx; /* memory per request */
76 struct winbindd_request request; /* Request from client */
77 struct winbindd_response response; /* Respose to client */
78 bool getpwent_initialized; /* Has getpwent_state been
79 * initialized? */
80 bool getgrent_initialized; /* Has getgrent_state been
81 * initialized? */
82 struct getent_state *getpwent_state; /* State for getpwent() */
83 struct getent_state *getgrent_state; /* State for getgrent() */
84 };
85
86 /* State between get{pw,gr}ent() calls */
87
88 struct getent_state {
89 struct getent_state *prev, *next;
90 void *sam_entries;
91 uint32 sam_entry_index, num_sam_entries;
92 bool got_sam_entries;
93 fstring domain_name;
94 };
95
96 /* Storage for cached getpwent() user entries */
97
98 struct getpwent_user {
99 fstring name; /* Account name */
100 fstring gecos; /* User information */
101 fstring homedir; /* User Home Directory */
102 fstring shell; /* User Login Shell */
103 DOM_SID user_sid; /* NT user and primary group SIDs */
104 DOM_SID group_sid;
105 };
106
107 /* Server state structure */
108
109 typedef struct {
110 char *acct_name;
111 char *full_name;
112 char *homedir;
113 char *shell;
114 gid_t primary_gid; /* allow the nss_info
115 backend to set the primary group */
116 DOM_SID user_sid; /* NT user and primary group SIDs */
117 DOM_SID group_sid;
118 } WINBIND_USERINFO;
119
120 /* Our connection to the DC */
121
122 struct winbindd_cm_conn {
123 struct cli_state *cli;
124
125 struct rpc_pipe_client *samr_pipe;
126 POLICY_HND sam_connect_handle, sam_domain_handle;
127
128 struct rpc_pipe_client *lsa_pipe;
129 POLICY_HND lsa_policy;
130
131 struct rpc_pipe_client *netlogon_pipe;
132 };
133
134 struct winbindd_async_request;
135
136 /* Async child */
137
138 struct winbindd_domain;
139
140 struct winbindd_child_dispatch_table {
141 const char *name;
142 enum winbindd_cmd struct_cmd;
143 enum winbindd_result (*struct_fn)(struct winbindd_domain *domain,
144 struct winbindd_cli_state *state);
145 };
146
147 struct winbindd_child {
148 struct winbindd_child *next, *prev;
149
150 pid_t pid;
151 struct winbindd_domain *domain;
152 char *logfilename;
153
154 struct fd_event event;
155 struct timed_event *lockout_policy_event;
156 struct timed_event *machine_password_change_event;
157 struct winbindd_async_request *requests;
158
159 const struct winbindd_child_dispatch_table *table;
160 };
161
162 /* Structures to hold per domain information */
163
164 struct winbindd_domain {
165 fstring name; /* Domain name (NetBIOS) */
166 fstring alt_name; /* alt Domain name, if any (FQDN for ADS) */
167 fstring forest_name; /* Name of the AD forest we're in */
168 DOM_SID sid; /* SID for this domain */
169 uint32 domain_flags; /* Domain flags from netlogon.h */
170 uint32 domain_type; /* Domain type from netlogon.h */
171 uint32 domain_trust_attribs; /* Trust attribs from netlogon.h */
172 bool initialized; /* Did we already ask for the domain mode? */
173 bool native_mode; /* is this a win2k domain in native mode ? */
174 bool active_directory; /* is this a win2k active directory ? */
175 bool primary; /* is this our primary domain ? */
176 bool internal; /* BUILTIN and member SAM */
177 bool online; /* is this domain available ? */
178 time_t startup_time; /* When we set "startup" true. */
179 bool startup; /* are we in the first 30 seconds after startup_time ? */
180
181 bool can_do_samlogon_ex; /* Due to the lack of finer control what type
182 * of DC we have, let us try to do a
183 * credential-chain less samlogon_ex call
184 * with AD and schannel. If this fails with
185 * DCERPC_FAULT_OP_RNG_ERROR, then set this
186 * to False. This variable is around so that
187 * we don't have to try _ex every time. */
188
189 /* Lookup methods for this domain (LDAP or RPC) */
190 struct winbindd_methods *methods;
191
192 /* the backend methods are used by the cache layer to find the right
193 backend */
194 struct winbindd_methods *backend;
195
196 /* Private data for the backends (used for connection cache) */
197
198 void *private_data;
199
200 /*
201 * idmap config settings, used to tell the idmap child which
202 * special domain config to use for a mapping
203 */
204 bool have_idmap_config;
205 uint32_t id_range_low, id_range_high;
206
207 /* A working DC */
208 pid_t dc_probe_pid; /* Child we're using to detect the DC. */
209 fstring dcname;
210 struct sockaddr_storage dcaddr;
211
212 /* Sequence number stuff */
213
214 time_t last_seq_check;
215 uint32 sequence_number;
216 NTSTATUS last_status;
217
218 /* The smb connection */
219
220 struct winbindd_cm_conn conn;
221
222 /* The child pid we're talking to */
223
224 struct winbindd_child child;
225
226 /* Callback we use to try put us back online. */
227
228 uint32 check_online_timeout;
229 struct timed_event *check_online_event;
230
231 /* Linked list info */
232
233 struct winbindd_domain *prev, *next;
234 };
235
236 /* per-domain methods. This is how LDAP vs RPC is selected
237 */
238 struct winbindd_methods {
239 /* does this backend provide a consistent view of the data? (ie. is the primary group
240 always correct) */
241 bool consistent;
242
243 /* get a list of users, returning a WINBIND_USERINFO for each one */
244 NTSTATUS (*query_user_list)(struct winbindd_domain *domain,
245 TALLOC_CTX *mem_ctx,
246 uint32 *num_entries,
247 WINBIND_USERINFO **info);
248
249 /* get a list of domain groups */
250 NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain,
251 TALLOC_CTX *mem_ctx,
252 uint32 *num_entries,
253 struct acct_info **info);
254
255 /* get a list of domain local groups */
256 NTSTATUS (*enum_local_groups)(struct winbindd_domain *domain,
257 TALLOC_CTX *mem_ctx,
258 uint32 *num_entries,
259 struct acct_info **info);
260
261 /* convert one user or group name to a sid */
262 NTSTATUS (*name_to_sid)(struct winbindd_domain *domain,
263 TALLOC_CTX *mem_ctx,
264 enum winbindd_cmd orig_cmd,
265 const char *domain_name,
266 const char *name,
267 DOM_SID *sid,
268 enum lsa_SidType *type);
269
270 /* convert a sid to a user or group name */
271 NTSTATUS (*sid_to_name)(struct winbindd_domain *domain,
272 TALLOC_CTX *mem_ctx,
273 const DOM_SID *sid,
274 char **domain_name,
275 char **name,
276 enum lsa_SidType *type);
277
278 NTSTATUS (*rids_to_names)(struct winbindd_domain *domain,
279 TALLOC_CTX *mem_ctx,
280 const DOM_SID *domain_sid,
281 uint32 *rids,
282 size_t num_rids,
283 char **domain_name,
284 char ***names,
285 enum lsa_SidType **types);
286
287 /* lookup user info for a given SID */
288 NTSTATUS (*query_user)(struct winbindd_domain *domain,
289 TALLOC_CTX *mem_ctx,
290 const DOM_SID *user_sid,
291 WINBIND_USERINFO *user_info);
292
293 /* lookup all groups that a user is a member of. The backend
294 can also choose to lookup by username or rid for this
295 function */
296 NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
297 TALLOC_CTX *mem_ctx,
298 const DOM_SID *user_sid,
299 uint32 *num_groups, DOM_SID **user_gids);
300
301 /* Lookup all aliases that the sids delivered are member of. This is
302 * to implement 'domain local groups' correctly */
303 NTSTATUS (*lookup_useraliases)(struct winbindd_domain *domain,
304 TALLOC_CTX *mem_ctx,
305 uint32 num_sids,
306 const DOM_SID *sids,
307 uint32 *num_aliases,
308 uint32 **alias_rids);
309
310 /* find all members of the group with the specified group_rid */
311 NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
312 TALLOC_CTX *mem_ctx,
313 const DOM_SID *group_sid,
314 uint32 *num_names,
315 DOM_SID **sid_mem, char ***names,
316 uint32 **name_types);
317
318 /* return the current global sequence number */
319 NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
320
321 /* return the lockout policy */
322 NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
323 TALLOC_CTX *mem_ctx,
324 struct samr_DomInfo12 *lockout_policy);
325
326 /* return the lockout policy */
327 NTSTATUS (*password_policy)(struct winbindd_domain *domain,
328 TALLOC_CTX *mem_ctx,
329 struct samr_DomInfo1 *password_policy);
330
331 /* enumerate trusted domains */
332 NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
333 TALLOC_CTX *mem_ctx,
334 uint32 *num_domains,
335 char ***names,
336 char ***alt_names,
337 DOM_SID **dom_sids);
338 };
339
340 /* Used to glue a policy handle and cli_state together */
341
342 typedef struct {
343 struct cli_state *cli;
344 POLICY_HND pol;
345 } CLI_POLICY_HND;
346
347 /* Filled out by IDMAP backends */
348 struct winbindd_idmap_methods {
349 /* Called when backend is first loaded */
350 bool (*init)(void);
351
352 bool (*get_sid_from_uid)(uid_t uid, DOM_SID *sid);
353 bool (*get_sid_from_gid)(gid_t gid, DOM_SID *sid);
354
355 bool (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid);
356 bool (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid);
357
358 /* Called when backend is unloaded */
359 bool (*close)(void);
360 /* Called to dump backend status */
361 void (*status)(void);
362 };
363
364 /* Data structures for dealing with the trusted domain cache */
365
366 struct winbindd_tdc_domain {
367 const char *domain_name;
368 const char *dns_name;
369 DOM_SID sid;
370 uint32 trust_flags;
371 uint32 trust_attribs;
372 uint32 trust_type;
373 };
374
375 /* Switch for listing users or groups */
376 enum ent_type {
377 LIST_USERS = 0,
378 LIST_GROUPS,
379 };
380
381 #include "winbindd/winbindd_proto.h"
382
383 #define WINBINDD_ESTABLISH_LOOP 30
384 #define WINBINDD_RESCAN_FREQ lp_winbind_cache_time()
385 #define WINBINDD_PAM_AUTH_KRB5_RENEW_TIME 2592000 /* one month */
386 #define DOM_SEQUENCE_NONE ((uint32)-1)
387
388 #define IS_DOMAIN_OFFLINE(x) ( lp_winbind_offline_logon() && \
389 ( get_global_winbindd_state_offline() \
390 || !(x)->online ) )
391 #define IS_DOMAIN_ONLINE(x) (!IS_DOMAIN_OFFLINE(x))
392
393 #endif /* _WINBINDD_H */
reg import