/* Update this when you change the interface.
* 21: added WINBINDD_GETPWSID
* added WINBINDD_GETSIDALIASES
+ * 22: added WINBINDD_PING_DC
+ * 23: added session_key to ccache_ntlm_auth response
+ * added WINBINDD_CCACHE_SAVE
+ * 24: Fill in num_entries WINBINDD_LIST_USERS and WINBINDD_LIST_GROUPS
+ * 25: removed WINBINDD_SET_HWM
+ * removed WINBINDD_SET_MAPPING
+ * removed WINBINDD_REMOVE_MAPPING
+ * 26: added WINBINDD_DC_INFO
+ * 27: added WINBINDD_LOOKUPSIDS
*/
-#define WINBIND_INTERFACE_VERSION 21
+#define WINBIND_INTERFACE_VERSION 27
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
- between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2.
+ between /lib/libnss_winbind.so.2 and /lib64/libnss_winbind.so.2.
The easiest way to do this is to always use 8byte values for time_t. */
#define SMB_TIME_T int64_t
WINBINDD_LOOKUPSID,
WINBINDD_LOOKUPNAME,
WINBINDD_LOOKUPRIDS,
+ WINBINDD_LOOKUPSIDS,
/* Lookup functions */
WINBINDD_ALLOCATE_UID,
WINBINDD_ALLOCATE_GID,
- WINBINDD_SET_MAPPING,
- WINBINDD_REMOVE_MAPPING,
- WINBINDD_SET_HWM,
/* Miscellaneous other stuff */
WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
+ WINBINDD_CHANGE_MACHACC, /* Change machine account pw */
+ WINBINDD_PING_DC, /* Ping the DC through NETLOGON */
WINBINDD_PING, /* Just tell me winbind is running */
WINBINDD_INFO, /* Various bit of info. Currently just tidbits */
WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */
struct winbindd_domain */
WINBINDD_GETDCNAME, /* Issue a GetDCName Request */
WINBINDD_DSGETDCNAME, /* Issue a DsGetDCName Request */
+ WINBINDD_DC_INFO, /* Which DC are we connected to? */
WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
WINBINDD_DUAL_SIDS2XIDS,
WINBINDD_DUAL_UID2SID,
WINBINDD_DUAL_GID2SID,
- WINBINDD_DUAL_SET_MAPPING,
- WINBINDD_DUAL_REMOVE_MAPPING,
- WINBINDD_DUAL_SET_HWM,
/* Wrapper around possibly blocking unix nss calls */
WINBINDD_DUAL_USERINFO,
WINBINDD_DUAL_GETSIDALIASES,
+ WINBINDD_DUAL_NDRCMD,
+
/* Complete the challenge phase of the NTLM authentication
protocol using cached password. */
WINBINDD_CCACHE_NTLMAUTH,
+ WINBINDD_CCACHE_SAVE,
WINBINDD_NUM_CMDS
};
uint32_t gr_mem_ofs; /* offset to group membership */
} WINBINDD_GR;
-/* PAM specific request flags */
+/* Request flags */
#define WBFLAG_PAM_INFO3_NDR 0x00000001
#define WBFLAG_PAM_INFO3_TEXT 0x00000002
#define WBFLAG_PAM_USER_SESSION_KEY 0x00000004
#define WBFLAG_PAM_LMKEY 0x00000008
#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x00000010
+#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
+#define WBFLAG_PAM_AUTH_PAC 0x00000040
#define WBFLAG_PAM_UNIX_NAME 0x00000080
#define WBFLAG_PAM_AFS_TOKEN 0x00000100
#define WBFLAG_PAM_NT_STATUS_SQUASH 0x00000200
-#define WBFLAG_PAM_KRB5 0x00001000
-#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
-#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
-#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000
-
-/* generic request flags */
-#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
/* This is a flag that can only be sent from parent to child */
#define WBFLAG_IS_PRIVILEGED 0x00000400 /* not used */
/* Flag to say this is a winbindd internal send - don't recurse. */
#define WBFLAG_RECURSE 0x00000800
+#define WBFLAG_PAM_KRB5 0x00001000
+#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
+#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
+#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000
/* Flag to tell winbind the NTLMv2 blob is too big for the struct and is in the
* extra_data field */
#define WBFLAG_BIG_NTLMV2_BLOB 0x00010000
fstring groupname; /* getgrnam */
uid_t uid; /* getpwuid, uid_to_sid */
gid_t gid; /* getgrgid, gid_to_sid */
+ uint32_t ndrcmd;
struct {
/* We deliberatedly don't split into domain/user to
avoid having the client know what the separator
uint32_t initial_blob_len; /* blobs in extra_data */
uint32_t challenge_blob_len;
} ccache_ntlm_auth;
+ struct {
+ uid_t uid;
+ fstring user;
+ fstring pass;
+ } ccache_save;
struct {
fstring domain_name;
fstring domain_guid;
uint32_t group_rid;
} user_info;
struct {
+ uint8_t session_key[16];
uint32_t auth_blob_len; /* blob in extra_data */
} ccache_ntlm_auth;
struct {