#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
-/* Let the build environment override the public winbindd socket location. This
- * is needed for launchd support -- jpeach.
- */
-#ifndef WINBINDD_SOCKET_DIR
-#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
-#endif
-
-/*
- * when compiled with socket_wrapper support
- * the location of the WINBINDD_SOCKET_DIR
- * can be overwritten via an environment variable
+/* We let the build environment set the public winbindd socket
+ * location. Therefore we no longer set
+ *
+ * #define WINBINDD_SOCKET_DIR "/tmp/.winbindd"
+ *
+ * A number of different distributions set different paths, and so it
+ * needs to come from configure in Samba. External users of this header will
+ * need to know where the path is on their system by some other
+ * mechanism.
*/
-#define WINBINDD_SOCKET_DIR_ENVVAR "WINBINDD_SOCKET_DIR"
-#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
+#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lock_directory() to hold the 'privileged' pipe */
#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
#define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS"
* 25: removed WINBINDD_SET_HWM
* removed WINBINDD_SET_MAPPING
* removed WINBINDD_REMOVE_MAPPING
+ * 26: added WINBINDD_DC_INFO
+ * 27: added WINBINDD_LOOKUPSIDS
+ * 28: added WINBINDD_XIDS_TO_SIDS
+ * removed WINBINDD_SID_TO_UID
+ * removed WINBINDD_SID_TO_GID
+ * removed WINBINDD_GID_TO_SID
+ * removed WINBINDD_UID_TO_SID
+ * 29: added "authoritative" to response.data.auth
+ * 30: added "validation_level" and "info6" to response.data.auth
*/
-#define WINBIND_INTERFACE_VERSION 25
+#define WINBIND_INTERFACE_VERSION 30
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
WINBINDD_LOOKUPSID,
WINBINDD_LOOKUPNAME,
WINBINDD_LOOKUPRIDS,
+ WINBINDD_LOOKUPSIDS,
/* Lookup functions */
- WINBINDD_SID_TO_UID,
- WINBINDD_SID_TO_GID,
WINBINDD_SIDS_TO_XIDS,
- WINBINDD_UID_TO_SID,
- WINBINDD_GID_TO_SID,
+ WINBINDD_XIDS_TO_SIDS,
WINBINDD_ALLOCATE_UID,
WINBINDD_ALLOCATE_GID,
struct winbindd_domain */
WINBINDD_GETDCNAME, /* Issue a GetDCName Request */
WINBINDD_DSGETDCNAME, /* Issue a DsGetDCName Request */
+ WINBINDD_DC_INFO, /* Which DC are we connected to? */
WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
uint32_t gr_mem_ofs; /* offset to group membership */
} WINBINDD_GR;
-/* PAM specific request flags */
+/* Request flags */
#define WBFLAG_PAM_INFO3_NDR 0x00000001
#define WBFLAG_PAM_INFO3_TEXT 0x00000002
#define WBFLAG_PAM_USER_SESSION_KEY 0x00000004
#define WBFLAG_PAM_LMKEY 0x00000008
#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x00000010
+#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
+#define WBFLAG_PAM_AUTH_PAC 0x00000040
#define WBFLAG_PAM_UNIX_NAME 0x00000080
#define WBFLAG_PAM_AFS_TOKEN 0x00000100
#define WBFLAG_PAM_NT_STATUS_SQUASH 0x00000200
-#define WBFLAG_PAM_KRB5 0x00001000
-#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
-#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
-#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000
-
-/* generic request flags */
-#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
/* This is a flag that can only be sent from parent to child */
#define WBFLAG_IS_PRIVILEGED 0x00000400 /* not used */
/* Flag to say this is a winbindd internal send - don't recurse. */
#define WBFLAG_RECURSE 0x00000800
+#define WBFLAG_PAM_KRB5 0x00001000
+#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
+#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
+#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000
/* Flag to tell winbind the NTLMv2 blob is too big for the struct and is in the
* extra_data field */
#define WBFLAG_BIG_NTLMV2_BLOB 0x00010000
gid_t gid; /* getgrgid, gid_to_sid */
uint32_t ndrcmd;
struct {
- /* We deliberatedly don't split into domain/user to
+ /* We deliberately don't split into domain/user to
avoid having the client know what the separator
character is. */
fstring user;
char first_8_lm_hash[8];
fstring krb5ccname;
uint32_t reject_reason;
- uint32_t padding;
+ uint8_t authoritative;
+ uint8_t padding[1];
+ uint16_t validation_level;
struct policy_settings {
uint32_t min_length_password;
uint32_t password_history;
fstring logon_srv;
fstring logon_dom;
} info3;
+ struct info6_text {
+ fstring dns_domainname;
+ fstring principal_name;
+ } info6;
fstring unix_username;
} auth;
struct {
struct {
uint8_t session_key[16];
uint32_t auth_blob_len; /* blob in extra_data */
+ uint8_t new_spnego;
} ccache_ntlm_auth;
struct {
fstring dc_unc;
git.samba.org / samba.git / blobdiff