/* The following definitions come from winbindd/winbindd.c */
struct imessaging_context *winbind_imessaging_context(void);
+void winbindd_terminate(bool is_parent);
bool winbindd_setup_sig_term_handler(bool parent);
bool winbindd_setup_stdin_handler(bool parent, bool foreground);
bool winbindd_setup_sig_hup_handler(const char *lfile);
bool winbindd_use_idmap_cache(void);
bool winbindd_use_cache(void);
+void winbindd_set_use_cache(bool use_cache);
char *get_winbind_priv_pipe_dir(void);
+void winbindd_flush_caches(void);
+void winbind_debug_call_depth_setup(size_t *depth);
+void winbind_call_flow(void *private_data,
+ enum tevent_thread_call_depth_cmd cmd,
+ struct tevent_req *req,
+ size_t depth,
+ const char *fname);
+bool winbindd_reload_services_file(const char *lfile);
/* The following definitions come from winbindd/winbindd_ads.c */
struct dom_sid **sid_mem,
char ***names,
uint32_t **name_types);
+NTSTATUS wb_cache_lookup_aliasmem(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const struct dom_sid *group_sid,
+ enum lsa_SidType type,
+ uint32_t *num_names,
+ struct dom_sid **sid_mem);
NTSTATUS wb_cache_sequence_number(struct winbindd_domain *domain,
uint32_t *seq);
NTSTATUS wb_cache_lockout_policy(struct winbindd_domain *domain,
struct netr_DomainTrustList *trusts);
NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const struct dom_sid *sid);
-NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
+NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
const uint8_t **cached_nt_pass,
const uint8_t **cached_salt);
-NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
+NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
const struct dom_sid *sid,
const uint8_t nt_pass[NT_HASH_LEN]);
-void wcache_invalidate_samlogon(struct winbindd_domain *domain,
+void wcache_invalidate_samlogon(struct winbindd_domain *domain,
const struct dom_sid *user_sid);
bool wcache_invalidate_cache(void);
bool wcache_invalidate_cache_noinit(void);
const char *name,
enum lsa_SidType type,
const struct dom_sid *sid);
-void cache_name2sid(struct winbindd_domain *domain,
+void cache_name2sid(struct winbindd_domain *domain,
const char *domain_name, const char *name,
enum lsa_SidType type, const struct dom_sid *sid);
NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
void set_domain_offline(struct winbindd_domain *domain);
void set_domain_online_request(struct winbindd_domain *domain);
+struct cli_credentials;
+NTSTATUS winbindd_get_trust_credentials(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ bool netlogon,
+ bool allow_ipc_fallback,
+ struct cli_credentials **_creds);
+
struct ndr_interface_table;
NTSTATUS wb_open_internal_pipe(TALLOC_CTX *mem_ctx,
const struct ndr_interface_table *table,
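Review bot: The new winbindd_get_trust_credentials() prototype takes two adjacent bool flags, `netlogon` and `allow_ipc_fallback`, with no comment, so a call such as `(..., true, false, &creds)` can be transposed without any compiler diagnostic. Judging by its name (to be confirmed in the implementation), the second flag decides whether a different credential set may be returned in place of the trust account's, which is a security-relevant choice for every caller. I would add a doc comment above the declaration stating what each flag selects, which credentials come back when the fallback is taken, and who owns `*_creds` (presumably `mem_ctx`). Annotating the flags at call sites, e.g. `/* allow_ipc_fallback */ false`, would make reviews of those callers easier.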
void ccache_regain_all_now(void);
NTSTATUS add_ccache_to_list(const char *princ_name,
const char *ccname,
- const char *service,
const char *username,
const char *password,
const char *realm,
time_t create_time,
time_t ticket_end,
time_t renew_until,
- bool postponed_request);
+ bool postponed_request,
+ const char *canon_principal,
+ const char *canon_realm);
NTSTATUS remove_ccache(const char *username);
struct WINBINDD_MEMORY_CREDS *find_memory_creds_by_name(const char *username);
NTSTATUS winbindd_add_memory_creds(const char *username,
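Review bot: add_ccache_to_list() gains `canon_principal` and `canon_realm` at the end of a list that already holds five `const char *` parameters, one of them `password`, and nothing in the prototype says which of these may be NULL. Because `service` is removed in the same change, `username`, `password` and `realm` each move up one position, so a hand-updated caller that misplaces one string still compiles as long as the argument count is right. I would add a doc comment that names each parameter, says whether the canonical principal and realm may be NULL when no canonicalisation took place (not visible here), and notes how long the callee retains `password`.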
TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
struct netr_SamInfo3 **info3,
- const uint8_t *cached_nt_pass[NT_HASH_LEN],
- const uint8_t *cred_salt[NT_HASH_LEN]);
+ const uint8_t **cached_nt_pass,
+ const uint8_t **cred_salt);
NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
- const char *user,
- const char *pass,
+ const char *user,
+ const char *pass,
struct netr_SamInfo3 *info3);
NTSTATUS winbindd_update_creds_by_info3(struct winbindd_domain *domain,
const char *user,
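Review bot: With `const uint8_t **cached_nt_pass` and `const uint8_t **cred_salt` the prototype no longer says how many bytes the returned buffers hold; the old `[NT_HASH_LEN]` bound was misleading as written, but it was the only size hint a caller had. A comment above the declaration should state the length of each returned buffer (NT_HASH_LEN, if that is what the implementation returns), which talloc context owns them (presumably `mem_ctx`), and whether either pointer can come back NULL on success. The function name and its first parameters lie outside this hunk, so this is based on the parameter list alone.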
struct winbindd_response **presponse, int *err);
void setup_child(struct winbindd_domain *domain, struct winbindd_child *child,
- const struct winbindd_child_dispatch_table *table,
const char *logprefix,
const char *logname);
void winbind_child_died(pid_t pid);
uint32_t msg_type,
struct server_id server_id,
DATA_BLOB *data);
+void winbindd_msg_reload_services_parent(struct messaging_context *msg,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data);
NTSTATUS winbindd_reinit_after_fork(const struct winbindd_child *myself,
const char *logfilename);
struct winbindd_domain *wb_child_domain(void);
+bool add_trusted_domains_dc(void);
/* The following definitions come from winbindd/winbindd_group.c */
bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr,
/* The following definitions come from winbindd/winbindd_idmap.c */
-void init_idmap_child(void);
+struct tevent_req *wb_parent_idmap_setup_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev);
+NTSTATUS wb_parent_idmap_setup_recv(struct tevent_req *req,
+ const struct wb_parent_idmap_config **_cfg);
+
+NTSTATUS init_idmap_child(TALLOC_CTX *mem_ctx);
struct winbindd_child *idmap_child(void);
+bool is_idmap_child(const struct winbindd_child *child);
+pid_t idmap_child_pid(void);
struct dcerpc_binding_handle *idmap_child_handle(void);
struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
const struct dom_sid *sid);
const char *def);
bool idmap_config_bool(const char *domname, const char *option, bool def);
int idmap_config_int(const char *domname, const char *option, int def);
+const char **idmap_config_string_list(const char *domname,
+ const char *option,
+ const char **def);
bool domain_has_idmap_config(const char *domname);
bool lp_scan_idmap_domains(bool (*fn)(const char *domname,
void *private_data),
/* The following definitions come from winbindd/winbindd_locator.c */
-void init_locator_child(void);
+NTSTATUS init_locator_child(TALLOC_CTX *mem_ctx);
struct winbindd_child *locator_child(void);
struct dcerpc_binding_handle *locator_child_handle(void);
/* The following definitions come from winbindd/winbindd_misc.c */
bool winbindd_list_trusted_domains(struct winbindd_cli_state *state);
-enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
- struct winbindd_cli_state *state);
bool winbindd_dc_info(struct winbindd_cli_state *state);
bool winbindd_ping(struct winbindd_cli_state *state);
bool winbindd_info(struct winbindd_cli_state *state);
union netr_Validation *validation,
const char *name_domain,
const char *name_user);
+NTSTATUS extra_data_to_sid_array(const char *group_sid,
+ TALLOC_CTX *mem_ctx,
+ struct wbint_SidArray **_sid_array);
uid_t get_uid_from_request(struct winbindd_request *request);
struct winbindd_domain *find_auth_domain(uint8_t flags,
const char *domain_name);
-enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
- struct winbindd_cli_state *state) ;
-enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
- struct winbindd_cli_state *state) ;
-enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain,
- struct winbindd_cli_state *state);
-enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
- struct winbindd_cli_state *state) ;
-enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domain *domainSt, struct winbindd_cli_state *state);
+struct pipes_struct;
+struct wbint_PamAuth;
+NTSTATUS _wbint_PamAuth(struct pipes_struct *p,
+ struct wbint_PamAuth *r);
+NTSTATUS _wbint_PamAuthCrap(struct pipes_struct *p,
+ struct wbint_PamAuthCrap *r);
+NTSTATUS _wbint_PamAuthChangePassword(struct pipes_struct *p,
+ struct wbint_PamAuthChangePassword *r);
+NTSTATUS _wbint_PamLogOff(struct pipes_struct *p,
+ struct wbint_PamLogOff *r);
+NTSTATUS _wbint_PamAuthCrapChangePassword(struct pipes_struct *p,
+ struct wbint_PamAuthCrapChangePassword *r);
NTSTATUS winbindd_pam_auth_pac_verify(struct winbindd_cli_state *state,
+ TALLOC_CTX *mem_ctx,
bool *p_is_trusted,
uint16_t *p_validation_level,
union netr_Validation **p_validation);
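Review bot: Only `struct pipes_struct` and `struct wbint_PamAuth` are forward-declared ahead of the five new `_wbint_Pam*` prototypes, while `struct wbint_PamAuthCrap`, `struct wbint_PamAuthChangePassword`, `struct wbint_PamLogOff` and `struct wbint_PamAuthCrapChangePassword` first appear inside parameter lists. If no earlier include declares them, each tag gets prototype scope and the declaration will not match the definition (GCC warns "declared inside parameter list"); if an earlier include does declare them, the lone `struct wbint_PamAuth;` is redundant. Either forward-declare all five, e.g. `struct wbint_PamAuthCrap;`, or drop the partial declaration so the header does not depend on include order.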
const uint64_t logon_id,
const char *client_name,
const int pid,
- const uint8_t chal[8],
+ DATA_BLOB chal,
DATA_BLOB lm_response,
DATA_BLOB nt_response,
const struct tsocket_address *remote,
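Review bot: Changing `const uint8_t chal[8]` to `DATA_BLOB chal` removes the only statement of the challenge size from the interface, so the callee now has to check the blob's length itself before copying or hashing it. The body is not on this page; confirm that it rejects any `chal.length` other than the expected size (8 in the old prototype) before use, e.g. `if (chal.length != 8) { return NT_STATUS_INVALID_PARAMETER; }`. A comment on the parameter recording the expected length would keep that requirement visible. The function's signature starts and ends outside this hunk.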
bool domain_is_forest_root(const struct winbindd_domain *domain);
void rescan_trusted_domains(struct tevent_context *ev, struct tevent_timer *te,
struct timeval now, void *private_data);
-enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domain,
- struct winbindd_cli_state *state);
+void winbindd_ping_offline_domains(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval now,
+ void *private_data);
bool init_domain_list(void);
struct winbindd_domain *find_domain_from_name_noinit(const char *domain_name);
struct winbindd_domain *find_trust_from_name_noinit(const char *domain_name);
struct winbindd_domain *find_default_route_domain(void);
struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid);
struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name);
-bool parse_domain_user(const char *domuser,
- fstring namespace,
- fstring domain,
- fstring user);
-bool canonicalize_username(fstring username_inout,
- fstring namespace,
- fstring domain,
- fstring user);
+/**
+ * Parse a DOMAIN\user or UPN string into a domain, namespace and a user
+ *
+ * @param[in] ctx talloc context
+ * @param[in] domuser a DOMAIN\user or UPN string
+ * @param[out] namespace
+ * @param[out] domain
+ * @param[out] user
+ * @return bool indicating success or failure
+ */
+bool parse_domain_user(TALLOC_CTX *ctx,
+ const char *domuser,
+ char **namespace,
+ char **domain,
+ char **user);
+/**
+ * Ensure an incoming username from NSS is fully qualified. Replace the
+ * incoming username with DOMAIN <separator> user. Additionally returns
+ * the same values as parse_domain_user() as out params.
+ * Used to ensure all names are fully qualified within winbindd.
+ * Used by the NSS protocols of auth, chauthtok, logoff and ccache_ntlm_auth.
+ * The protocol definitions of auth_crap, chng_pswd_auth_crap
+ * really should be changed to use this instead of doing things
+ * by hand. JRA.
+ *
+ * @param[in] mem_ctx talloc context
+ * @param[in,out] username_inout populated with fully qualified name
+ with format 'DOMAIN <separator> user' where DOMAIN and
+ user are determined by the output of parse_domain_user()
+ * @param[out] namespace populated with namespace returned from
+ parse_domain_user()
+ * @param[out] domain populated with domain returned from
+ parse_domain_user()
+ * @param[out] populated with user returned from
+ parse_domain_user()
+ * @return bool indicating success or failure
+ */
+bool canonicalize_username(TALLOC_CTX *mem_ctx,
+ char **username_inout,
+ char **namespace,
+ char **domain,
+ char **user);
char *fill_domain_username_talloc(TALLOC_CTX *ctx,
const char *domain,
const char *user,
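Review bot: The doc block for canonicalize_username() has a tag with no parameter name, `@param[out] populated with user returned from`, which should read `@param[out] user populated with user returned from parse_domain_user()`. In parse_domain_user()'s block the three `@param[out]` tags carry no description at all. Both functions now return strings through `char **` instead of filling fixed-size `fstring` buffers, so the comments should also say whether the outputs are allocated on the talloc context passed in, what they contain on failure, and whether `*username_inout` is replaced by a new allocation or modified in place. Callers converted from the `fstring` versions need those ownership rules to avoid leaks or use of stale pointers, and the prototype alone does not give them.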
const char *name,
char **normalized);
NTSTATUS normalize_name_unmap(TALLOC_CTX *mem_ctx,
- char *name,
+ const char *name,
char **normalized);
NTSTATUS resolve_username_to_alias(TALLOC_CTX *mem_ctx,
void winbindd_wins_byname(struct winbindd_cli_state *state);
-enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain,
- struct winbindd_cli_state *state);
-
struct dcerpc_binding_handle *wbint_binding_handle(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain,
struct winbindd_child *child);
struct tevent_req *wb_lookupuseraliases_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct winbindd_domain *domain,
- int num_sids,
+ uint32_t num_sids,
const struct dom_sid *sids);
NTSTATUS wb_lookupuseraliases_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
uint32_t *num_aliases, uint32_t **aliases);
struct tevent_context *ev,
const struct dom_sid *sid);
NTSTATUS wb_lookupusergroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_sids, struct dom_sid **sids);
+ uint32_t *num_sids, struct dom_sid **sids);
struct tevent_req *winbindd_getuserdomgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
const struct dom_sid *sid,
bool expand_local_aliases);
NTSTATUS wb_gettoken_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_sids, struct dom_sid **sids);
+ uint32_t *num_sids, struct dom_sid **sids);
struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct winbindd_cli_state *cli,
struct tevent_context *ev);
NTSTATUS wb_seqnums_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
int *num_domains, struct winbindd_domain ***domains,
- NTSTATUS **stati, uint32_t **seqnums);
+ NTSTATUS **statuses, uint32_t **seqnums);
struct tevent_req *winbindd_show_sequence_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
const struct dom_sid *sid,
- enum lsa_SidType type,
+ uint32_t num_sids,
+ enum lsa_SidType *type,
int max_depth);
NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
struct db_context **members);
+
+struct tevent_req *wb_alias_members_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const struct dom_sid *sid,
+ enum lsa_SidType type,
+ int max_nesting);
+NTSTATUS wb_alias_members_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *num_sids,
+ struct dom_sid **sids);
+
NTSTATUS add_member_to_db(struct db_context *db, struct dom_sid *sid,
const char *name);
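Review bot: In wb_group_members_send() the new `enum lsa_SidType *type` is a non-const pointer next to `const struct dom_sid *sid`, and both keep singular names although `num_sids` now makes them arrays. If the callee only reads the types, declare it `const enum lsa_SidType *type`, and consider `sids`/`types` with a comment that both arrays hold `num_sids` entries, so a caller cannot pass a type array shorter than the SID array unnoticed. The new wb_alias_members_send() in the same hunk names its limit `max_nesting` while this function uses `max_depth`; if these are the same concept, one name would be easier to follow.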
struct tevent_context *ev,
struct winbindd_domain *domain);
NTSTATUS wb_query_group_list_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_users,
+ uint32_t *num_users,
struct wbint_Principal **groups);
struct tevent_req *wb_next_pwent_send(TALLOC_CTX *mem_ctx,
/* The following definitions come from winbindd/winbindd_gpupdate.c */
void gpupdate_init(void);
+void gpupdate_user_init(const char *user);
/* The following comes from winbindd/winbindd_dual_srv.c */
bool reset_cm_connection_on_error(struct winbindd_domain *domain,