#define _WINBINDD_PROTO_H_
/* The following definitions come from winbindd/winbindd.c */
-struct messaging_context *winbind_messaging_context(void);
struct imessaging_context *winbind_imessaging_context(void);
-void request_error(struct winbindd_cli_state *state);
-void request_ok(struct winbindd_cli_state *state);
+void winbindd_terminate(bool is_parent);
bool winbindd_setup_sig_term_handler(bool parent);
bool winbindd_setup_stdin_handler(bool parent, bool foreground);
bool winbindd_setup_sig_hup_handler(const char *lfile);
bool winbindd_use_idmap_cache(void);
bool winbindd_use_cache(void);
+void winbindd_set_use_cache(bool use_cache);
char *get_winbind_priv_pipe_dir(void);
-struct tevent_context *winbind_event_context(void);
+void winbindd_flush_caches(void);
+void winbind_debug_call_depth_setup(size_t *depth);
+void winbind_call_flow(void *private_data,
+ enum tevent_thread_call_depth_cmd cmd,
+ struct tevent_req *req,
+ size_t depth,
+ const char *fname);
+bool winbindd_reload_services_file(const char *lfile);
/* The following definitions come from winbindd/winbindd_ads.c */
struct dom_sid **sid_mem,
char ***names,
uint32_t **name_types);
+NTSTATUS wb_cache_lookup_aliasmem(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ const struct dom_sid *group_sid,
+ enum lsa_SidType type,
+ uint32_t *num_names,
+ struct dom_sid **sid_mem);
NTSTATUS wb_cache_sequence_number(struct winbindd_domain *domain,
uint32_t *seq);
NTSTATUS wb_cache_lockout_policy(struct winbindd_domain *domain,
struct netr_DomainTrustList *trusts);
NTSTATUS wcache_cached_creds_exist(struct winbindd_domain *domain, const struct dom_sid *sid);
-NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
+NTSTATUS wcache_get_creds(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
const uint8_t **cached_nt_pass,
const uint8_t **cached_salt);
-NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
+NTSTATUS wcache_save_creds(struct winbindd_domain *domain,
const struct dom_sid *sid,
const uint8_t nt_pass[NT_HASH_LEN]);
-void wcache_invalidate_samlogon(struct winbindd_domain *domain,
+void wcache_invalidate_samlogon(struct winbindd_domain *domain,
const struct dom_sid *user_sid);
bool wcache_invalidate_cache(void);
bool wcache_invalidate_cache_noinit(void);
bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
char **domain_name, char **name,
enum lsa_SidType *type);
-bool lookup_cached_name(const char *domain_name,
+bool lookup_cached_name(const char *namespace,
+ const char *domain_name,
const char *name,
struct dom_sid *sid,
enum lsa_SidType *type);
const char *name,
enum lsa_SidType type,
const struct dom_sid *sid);
-void cache_name2sid(struct winbindd_domain *domain,
+void cache_name2sid(struct winbindd_domain *domain,
const char *domain_name, const char *name,
enum lsa_SidType type, const struct dom_sid *sid);
NTSTATUS wcache_query_user_fullname(struct winbindd_domain *domain,
/* The following definitions come from winbindd/winbindd_ccache_access.c */
-void winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state);
+bool winbindd_ccache_ntlm_auth(struct winbindd_cli_state *state);
enum winbindd_result winbindd_dual_ccache_ntlm_auth(struct winbindd_domain *domain,
struct winbindd_cli_state *state);
-void winbindd_ccache_save(struct winbindd_cli_state *state);
+bool winbindd_ccache_save(struct winbindd_cli_state *state);
/* The following definitions come from winbindd/winbindd_cm.c */
void winbind_msg_domain_offline(struct messaging_context *msg_ctx,
void set_domain_offline(struct winbindd_domain *domain);
void set_domain_online_request(struct winbindd_domain *domain);
+struct cli_credentials;
+NTSTATUS winbindd_get_trust_credentials(struct winbindd_domain *domain,
+ TALLOC_CTX *mem_ctx,
+ bool netlogon,
+ bool allow_ipc_fallback,
+ struct cli_credentials **_creds);
+
struct ndr_interface_table;
NTSTATUS wb_open_internal_pipe(TALLOC_CTX *mem_ctx,
const struct ndr_interface_table *table,
struct policy_handle *lsa_policy);
NTSTATUS cm_connect_netlogon(struct winbindd_domain *domain,
struct rpc_pipe_client **cli);
+NTSTATUS cm_connect_netlogon_secure(struct winbindd_domain *domain,
+ struct rpc_pipe_client **cli,
+ struct netlogon_creds_cli_context **ppdc);
bool fetch_current_dc_from_gencache(TALLOC_CTX *mem_ctx,
const char *domain_name,
char **p_dc_name, char **p_dc_ip);
void ccache_regain_all_now(void);
NTSTATUS add_ccache_to_list(const char *princ_name,
const char *ccname,
- const char *service,
const char *username,
const char *password,
const char *realm,
time_t create_time,
time_t ticket_end,
time_t renew_until,
- bool postponed_request);
+ bool postponed_request,
+ const char *canon_principal,
+ const char *canon_realm);
NTSTATUS remove_ccache(const char *username);
struct WINBINDD_MEMORY_CREDS *find_memory_creds_by_name(const char *username);
NTSTATUS winbindd_add_memory_creds(const char *username,
TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
struct netr_SamInfo3 **info3,
- const uint8_t *cached_nt_pass[NT_HASH_LEN],
- const uint8_t *cred_salt[NT_HASH_LEN]);
+ const uint8_t **cached_nt_pass,
+ const uint8_t **cred_salt);
NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
- const char *user,
- const char *pass,
+ const char *user,
+ const char *pass,
struct netr_SamInfo3 *info3);
NTSTATUS winbindd_update_creds_by_info3(struct winbindd_domain *domain,
const char *user,
/* The following definitions come from winbindd/winbindd_dual.c */
struct dcerpc_binding_handle *dom_child_handle(struct winbindd_domain *domain);
-struct winbindd_child *choose_domain_child(struct winbindd_domain *domain);
struct tevent_req *wb_child_request_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct winbindd_response **presponse, int *err);
void setup_child(struct winbindd_domain *domain, struct winbindd_child *child,
- const struct winbindd_child_dispatch_table *table,
const char *logprefix,
const char *logname);
void winbind_child_died(pid_t pid);
uint32_t msg_type,
struct server_id server_id,
DATA_BLOB *data);
+void winbind_disconnect_dc_parent(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data);
void winbind_msg_offline(struct messaging_context *msg_ctx,
void *private_data,
uint32_t msg_type,
uint32_t msg_type,
struct server_id server_id,
DATA_BLOB *data);
+void winbind_msg_disconnect_dc(struct messaging_context *msg_ctx,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data);
void winbind_msg_ip_dropped_parent(struct messaging_context *msg_ctx,
void *private_data,
uint32_t msg_type,
struct server_id server_id,
DATA_BLOB *data);
+void winbindd_msg_reload_services_parent(struct messaging_context *msg,
+ void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id,
+ DATA_BLOB *data);
NTSTATUS winbindd_reinit_after_fork(const struct winbindd_child *myself,
const char *logfilename);
struct winbindd_domain *wb_child_domain(void);
+bool add_trusted_domains_dc(void);
/* The following definitions come from winbindd/winbindd_group.c */
bool fill_grent(TALLOC_CTX *mem_ctx, struct winbindd_gr *gr,
/* The following definitions come from winbindd/winbindd_idmap.c */
-void init_idmap_child(void);
+struct tevent_req *wb_parent_idmap_setup_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev);
+NTSTATUS wb_parent_idmap_setup_recv(struct tevent_req *req,
+ const struct wb_parent_idmap_config **_cfg);
+
+NTSTATUS init_idmap_child(TALLOC_CTX *mem_ctx);
struct winbindd_child *idmap_child(void);
+bool is_idmap_child(const struct winbindd_child *child);
+pid_t idmap_child_pid(void);
+struct dcerpc_binding_handle *idmap_child_handle(void);
struct idmap_domain *idmap_find_domain_with_sid(const char *domname,
const struct dom_sid *sid);
const char *idmap_config_const_string(const char *domname, const char *option,
const char *def);
bool idmap_config_bool(const char *domname, const char *option, bool def);
int idmap_config_int(const char *domname, const char *option, int def);
+const char **idmap_config_string_list(const char *domname,
+ const char *option,
+ const char **def);
bool domain_has_idmap_config(const char *domname);
bool lp_scan_idmap_domains(bool (*fn)(const char *domname,
void *private_data),
/* The following definitions come from winbindd/winbindd_locator.c */
-void init_locator_child(void);
+NTSTATUS init_locator_child(TALLOC_CTX *mem_ctx);
struct winbindd_child *locator_child(void);
+struct dcerpc_binding_handle *locator_child_handle(void);
/* The following definitions come from winbindd/winbindd_misc.c */
-void winbindd_list_trusted_domains(struct winbindd_cli_state *state);
-enum winbindd_result winbindd_dual_list_trusted_domains(struct winbindd_domain *domain,
- struct winbindd_cli_state *state);
-void winbindd_show_sequence(struct winbindd_cli_state *state);
-void winbindd_domain_info(struct winbindd_cli_state *state);
-void winbindd_dc_info(struct winbindd_cli_state *state);
-void winbindd_ping(struct winbindd_cli_state *state);
-void winbindd_info(struct winbindd_cli_state *state);
-void winbindd_interface_version(struct winbindd_cli_state *state);
-void winbindd_domain_name(struct winbindd_cli_state *state);
-void winbindd_netbios_name(struct winbindd_cli_state *state);
-void winbindd_priv_pipe_dir(struct winbindd_cli_state *state);
+bool winbindd_list_trusted_domains(struct winbindd_cli_state *state);
+bool winbindd_dc_info(struct winbindd_cli_state *state);
+bool winbindd_ping(struct winbindd_cli_state *state);
+bool winbindd_info(struct winbindd_cli_state *state);
+bool winbindd_interface_version(struct winbindd_cli_state *state);
+bool winbindd_domain_name(struct winbindd_cli_state *state);
+bool winbindd_netbios_name(struct winbindd_cli_state *state);
+bool winbindd_priv_pipe_dir(struct winbindd_cli_state *state);
/* The following definitions come from winbindd/winbindd_ndr.c */
struct ndr_print;
NTSTATUS append_auth_data(TALLOC_CTX *mem_ctx,
struct winbindd_response *resp,
uint32_t request_flags,
- struct netr_SamInfo3 *info3,
+ uint16_t validation_level,
+ union netr_Validation *validation,
const char *name_domain,
const char *name_user);
+NTSTATUS extra_data_to_sid_array(const char *group_sid,
+ TALLOC_CTX *mem_ctx,
+ struct wbint_SidArray **_sid_array);
uid_t get_uid_from_request(struct winbindd_request *request);
struct winbindd_domain *find_auth_domain(uint8_t flags,
const char *domain_name);
-enum winbindd_result winbindd_dual_pam_auth(struct winbindd_domain *domain,
- struct winbindd_cli_state *state) ;
-enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
- struct winbindd_cli_state *state) ;
-enum winbindd_result winbindd_dual_pam_chauthtok(struct winbindd_domain *contact_domain,
- struct winbindd_cli_state *state);
-enum winbindd_result winbindd_dual_pam_logoff(struct winbindd_domain *domain,
- struct winbindd_cli_state *state) ;
-enum winbindd_result winbindd_dual_pam_chng_pswd_auth_crap(struct winbindd_domain *domainSt, struct winbindd_cli_state *state);
-NTSTATUS winbindd_pam_auth_pac_send(struct winbindd_cli_state *state,
- struct netr_SamInfo3 **info3);
+struct pipes_struct;
+struct wbint_PamAuth;
+NTSTATUS _wbint_PamAuth(struct pipes_struct *p,
+ struct wbint_PamAuth *r);
+NTSTATUS _wbint_PamAuthCrap(struct pipes_struct *p,
+ struct wbint_PamAuthCrap *r);
+NTSTATUS _wbint_PamAuthChangePassword(struct pipes_struct *p,
+ struct wbint_PamAuthChangePassword *r);
+NTSTATUS _wbint_PamLogOff(struct pipes_struct *p,
+ struct wbint_PamLogOff *r);
+NTSTATUS _wbint_PamAuthCrapChangePassword(struct pipes_struct *p,
+ struct wbint_PamAuthCrapChangePassword *r);
+NTSTATUS winbindd_pam_auth_pac_verify(struct winbindd_cli_state *state,
+ TALLOC_CTX *mem_ctx,
+ bool *p_is_trusted,
+ uint16_t *p_validation_level,
+ union netr_Validation **p_validation);
NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
+ bool interactive,
uint32_t logon_parameters,
const char *name_user,
const char *name_domain,
const char *workstation,
- const uint8_t chal[8],
+ const uint64_t logon_id,
+ const char *client_name,
+ const int pid,
+ DATA_BLOB chal,
DATA_BLOB lm_response,
DATA_BLOB nt_response,
+ const struct tsocket_address *remote,
+ const struct tsocket_address *local,
uint8_t *authoritative,
bool skip_sam,
uint32_t *flags,
- struct netr_SamInfo3 **info3);
+ uint16_t *_validation_level,
+ union netr_Validation **_validation);
/* The following definitions come from winbindd/winbindd_util.c */
struct winbindd_domain *domain_list(void);
struct winbindd_domain *wb_next_domain(struct winbindd_domain *domain);
+bool set_routing_domain(struct winbindd_domain *domain,
+ struct winbindd_domain *routing_domain);
+bool add_trusted_domain_from_auth(uint16_t validation_level,
+ struct info3_text *info3,
+ struct info6_text *info6);
bool domain_is_forest_root(const struct winbindd_domain *domain);
void rescan_trusted_domains(struct tevent_context *ev, struct tevent_timer *te,
struct timeval now, void *private_data);
-enum winbindd_result winbindd_dual_init_connection(struct winbindd_domain *domain,
- struct winbindd_cli_state *state);
+void winbindd_ping_offline_domains(struct tevent_context *ev,
+ struct tevent_timer *te,
+ struct timeval now,
+ void *private_data);
bool init_domain_list(void);
struct winbindd_domain *find_domain_from_name_noinit(const char *domain_name);
+struct winbindd_domain *find_trust_from_name_noinit(const char *domain_name);
struct winbindd_domain *find_domain_from_name(const char *domain_name);
struct winbindd_domain *find_domain_from_sid_noinit(const struct dom_sid *sid);
+struct winbindd_domain *find_trust_from_sid_noinit(const struct dom_sid *sid);
struct winbindd_domain *find_domain_from_sid(const struct dom_sid *sid);
struct winbindd_domain *find_our_domain(void);
+struct winbindd_domain *find_default_route_domain(void);
struct winbindd_domain *find_lookup_domain_from_sid(const struct dom_sid *sid);
struct winbindd_domain *find_lookup_domain_from_name(const char *domain_name);
-bool parse_domain_user(const char *domuser, fstring domain, fstring user);
-bool parse_domain_user_talloc(TALLOC_CTX *mem_ctx, const char *domuser,
- char **domain, char **user);
-bool canonicalize_username(fstring username_inout, fstring domain, fstring user);
-void fill_domain_username(fstring name, const char *domain, const char *user, bool can_assume);
+/**
+ * Parse a DOMAIN\user or UPN string into a domain, namespace and a user
+ *
+ * @param[in] ctx talloc context
+ * @param[in] domuser a DOMAIN\user or UPN string
+ * @param[out] namespace
+ * @param[out] domain
+ * @param[out] user
+ * @return bool indicating success or failure
+ */
+bool parse_domain_user(TALLOC_CTX *ctx,
+ const char *domuser,
+ char **namespace,
+ char **domain,
+ char **user);
+/**
+ * Ensure an incoming username from NSS is fully qualified. Replace the
+ * incoming username with DOMAIN <separator> user. Additionally returns
+ * the same values as parse_domain_user() as out params.
+ * Used to ensure all names are fully qualified within winbindd.
+ * Used by the NSS protocols of auth, chauthtok, logoff and ccache_ntlm_auth.
+ * The protocol definitions of auth_crap, chng_pswd_auth_crap
+ * really should be changed to use this instead of doing things
+ * by hand. JRA.
+ *
+ * @param[in] mem_ctx talloc context
+ * @param[in,out] username_inout populated with fully qualified name
+ with format 'DOMAIN <separator> user' where DOMAIN and
+ user are determined by the output of parse_domain_user()
+ * @param[out] namespace populated with namespace returned from
+ parse_domain_user()
+ * @param[out] domain populated with domain returned from
+ parse_domain_user()
+ * @param[out] populated with user returned from
+ parse_domain_user()
+ * @return bool indicating success or failure
+ */
+bool canonicalize_username(TALLOC_CTX *mem_ctx,
+ char **username_inout,
+ char **namespace,
+ char **domain,
+ char **user);
char *fill_domain_username_talloc(TALLOC_CTX *ctx,
const char *domain,
const char *user,
uint32_t *p_num_groups, struct dom_sid **user_sids);
NTSTATUS normalize_name_map(TALLOC_CTX *mem_ctx,
- struct winbindd_domain *domain,
+ const char *domain_name,
const char *name,
char **normalized);
NTSTATUS normalize_name_unmap(TALLOC_CTX *mem_ctx,
- char *name,
+ const char *name,
char **normalized);
NTSTATUS resolve_username_to_alias(TALLOC_CTX *mem_ctx,
const char *alias, char **name);
bool winbindd_can_contact_domain(struct winbindd_domain *domain);
-bool winbindd_internal_child(struct winbindd_child *child);
void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain);
void winbindd_unset_locator_kdc_env(const struct winbindd_domain *domain);
void winbindd_set_locator_kdc_envs(const struct winbindd_domain *domain);
void winbindd_wins_byname(struct winbindd_cli_state *state);
-struct tevent_req *wb_ping_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
- struct winbindd_cli_state *cli,
- struct winbindd_request *request);
-NTSTATUS wb_ping_recv(struct tevent_req *req,
- struct winbindd_response *resp);
-
-enum winbindd_result winbindd_dual_ping(struct winbindd_domain *domain,
- struct winbindd_cli_state *state);
-
struct dcerpc_binding_handle *wbint_binding_handle(TALLOC_CTX *mem_ctx,
struct winbindd_domain *domain,
struct winbindd_child *child);
struct tevent_req *wb_lookupname_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- const char *dom_name, const char *name,
+ const char *namespace,
+ const char *dom_name,
+ const char *name,
uint32_t flags);
NTSTATUS wb_lookupname_recv(struct tevent_req *req, struct dom_sid *sid,
enum lsa_SidType *type);
struct tevent_req *wb_lookupuseraliases_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct winbindd_domain *domain,
- int num_sids,
+ uint32_t num_sids,
const struct dom_sid *sids);
NTSTATUS wb_lookupuseraliases_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
uint32_t *num_aliases, uint32_t **aliases);
struct tevent_context *ev,
const struct dom_sid *sid);
NTSTATUS wb_lookupusergroups_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_sids, struct dom_sid **sids);
+ uint32_t *num_sids, struct dom_sid **sids);
struct tevent_req *winbindd_getuserdomgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
const struct dom_sid *sid,
bool expand_local_aliases);
NTSTATUS wb_gettoken_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_sids, struct dom_sid **sids);
+ uint32_t *num_sids, struct dom_sid **sids);
struct tevent_req *winbindd_getgroups_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct winbindd_cli_state *cli,
struct tevent_context *ev);
NTSTATUS wb_seqnums_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
int *num_domains, struct winbindd_domain ***domains,
- NTSTATUS **stati, uint32_t **seqnums);
+ NTSTATUS **statuses, uint32_t **seqnums);
struct tevent_req *winbindd_show_sequence_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tevent_req *wb_group_members_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
const struct dom_sid *sid,
- enum lsa_SidType type,
+ uint32_t num_sids,
+ enum lsa_SidType *type,
int max_depth);
NTSTATUS wb_group_members_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
struct db_context **members);
+
+struct tevent_req *wb_alias_members_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ const struct dom_sid *sid,
+ enum lsa_SidType type,
+ int max_nesting);
+NTSTATUS wb_alias_members_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ uint32_t *num_sids,
+ struct dom_sid **sids);
+
NTSTATUS add_member_to_db(struct db_context *db, struct dom_sid *sid,
const char *name);
struct tevent_context *ev,
struct winbindd_domain *domain);
NTSTATUS wb_query_group_list_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
- int *num_users,
+ uint32_t *num_users,
struct wbint_Principal **groups);
struct tevent_req *wb_next_pwent_send(TALLOC_CTX *mem_ctx,
struct winbindd_response *response);
struct tevent_req *wb_xids2sids_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
- struct unixid *xids,
+ const struct unixid *xids,
uint32_t num_xids);
NTSTATUS wb_xids2sids_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
struct dom_sid **sids);
struct winbindd_request *request);
NTSTATUS winbindd_wins_byname_recv(struct tevent_req *req,
struct winbindd_response *presp);
-
+struct tevent_req *winbindd_domain_info_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct winbindd_cli_state *cli,
+ struct winbindd_request *request);
+NTSTATUS winbindd_domain_info_recv(struct tevent_req *req,
+ struct winbindd_response *response);
/* The following definitions come from winbindd/winbindd_samr.c */
/* The following definitions come from winbindd/winbindd_reconnect.c */
bool reconnect_need_retry(NTSTATUS status, struct winbindd_domain *domain);
+/* The following definitions come from winbindd/winbindd_gpupdate.c */
+void gpupdate_init(void);
+void gpupdate_user_init(const char *user);
+
+/* The following comes from winbindd/winbindd_dual_srv.c */
+bool reset_cm_connection_on_error(struct winbindd_domain *domain,
+ struct dcerpc_binding_handle *b,
+ NTSTATUS status);
+
#endif /* _WINBINDD_PROTO_H_ */
git.samba.org / samba.git / blobdiff