#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0)
#endif
+#ifndef FSTRING_LEN
+#define FSTRING_LEN 256
+typedef char fstring[FSTRING_LEN];
+#endif
+
#ifndef _WINBINDD_NTDOM_H
#define _WINBINDD_NTDOM_H
#define WINBINDD_SOCKET_NAME "pipe" /* Name of PF_UNIX socket */
-/* Let the build environment override the public winbindd socket location. This
- * is needed for launchd support -- jpeach.
- */
-#ifndef WINBINDD_SOCKET_DIR
-#define WINBINDD_SOCKET_DIR "/tmp/.winbindd" /* Name of PF_UNIX dir */
-#endif
-
-/*
- * when compiled with socket_wrapper support
- * the location of the WINBINDD_SOCKET_DIR
- * can be overwritten via an environment variable
+/* We let the build environment set the public winbindd socket
+ * location. Therefore we no longer set
+ *
+ * #define WINBINDD_SOCKET_DIR "/tmp/.winbindd"
+ *
+ * A number of different distributions set different paths, and so it
+ * needs to come from configure in Samba. External users of this header will
+ * need to know where the path is on their system by some other
+ * mechanism.
*/
-#define WINBINDD_SOCKET_DIR_ENVVAR "WINBINDD_SOCKET_DIR"
-#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
+#define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lock_directory() to hold the 'privileged' pipe */
#define WINBINDD_DOMAIN_ENV "WINBINDD_DOMAIN" /* Environment variables */
#define WINBINDD_DONT_ENV "_NO_WINBINDD"
#define WINBINDD_LOCATOR_KDC_ADDRESS "WINBINDD_LOCATOR_KDC_ADDRESS"
-/* Update this when you change the interface. */
-
-#define WINBIND_INTERFACE_VERSION 20
+/* Update this when you change the interface.
+ * 21: added WINBINDD_GETPWSID
+ * added WINBINDD_GETSIDALIASES
+ * 22: added WINBINDD_PING_DC
+ * 23: added session_key to ccache_ntlm_auth response
+ * added WINBINDD_CCACHE_SAVE
+ * 24: Fill in num_entries WINBINDD_LIST_USERS and WINBINDD_LIST_GROUPS
+ * 25: removed WINBINDD_SET_HWM
+ * removed WINBINDD_SET_MAPPING
+ * removed WINBINDD_REMOVE_MAPPING
+ * 26: added WINBINDD_DC_INFO
+ * 27: added WINBINDD_LOOKUPSIDS
+ * 28: added WINBINDD_XIDS_TO_SIDS
+ * removed WINBINDD_SID_TO_UID
+ * removed WINBINDD_SID_TO_GID
+ * removed WINBINDD_GID_TO_SID
+ * removed WINBINDD_UID_TO_SID
+ * 29: added "authoritative" to response.data.auth
+ * 30: added "validation_level" and "info6" to response.data.auth
+ */
+#define WINBIND_INTERFACE_VERSION 30
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
- between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2.
+ between /lib/libnss_winbind.so.2 and /lib64/libnss_winbind.so.2.
The easiest way to do this is to always use 8byte values for time_t. */
#define SMB_TIME_T int64_t
WINBINDD_GETPWNAM,
WINBINDD_GETPWUID,
+ WINBINDD_GETPWSID,
WINBINDD_GETGRNAM,
WINBINDD_GETGRGID,
WINBINDD_GETGROUPS,
WINBINDD_LOOKUPSID,
WINBINDD_LOOKUPNAME,
WINBINDD_LOOKUPRIDS,
+ WINBINDD_LOOKUPSIDS,
/* Lookup functions */
- WINBINDD_SID_TO_UID,
- WINBINDD_SID_TO_GID,
WINBINDD_SIDS_TO_XIDS,
- WINBINDD_UID_TO_SID,
- WINBINDD_GID_TO_SID,
+ WINBINDD_XIDS_TO_SIDS,
WINBINDD_ALLOCATE_UID,
WINBINDD_ALLOCATE_GID,
- WINBINDD_SET_MAPPING,
- WINBINDD_REMOVE_MAPPING,
- WINBINDD_SET_HWM,
/* Miscellaneous other stuff */
WINBINDD_CHECK_MACHACC, /* Check machine account pw works */
+ WINBINDD_CHANGE_MACHACC, /* Change machine account pw */
+ WINBINDD_PING_DC, /* Ping the DC through NETLOGON */
WINBINDD_PING, /* Just tell me winbind is running */
WINBINDD_INFO, /* Various bit of info. Currently just tidbits */
WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */
struct winbindd_domain */
WINBINDD_GETDCNAME, /* Issue a GetDCName Request */
WINBINDD_DSGETDCNAME, /* Issue a DsGetDCName Request */
+ WINBINDD_DC_INFO, /* Which DC are we connected to? */
WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */
/* Various group queries */
WINBINDD_GETUSERDOMGROUPS,
+ /* lookup local groups */
+ WINBINDD_GETSIDALIASES,
+
/* Initialize connection in a child */
WINBINDD_INIT_CONNECTION,
WINBINDD_DUAL_SIDS2XIDS,
WINBINDD_DUAL_UID2SID,
WINBINDD_DUAL_GID2SID,
- WINBINDD_DUAL_SET_MAPPING,
- WINBINDD_DUAL_REMOVE_MAPPING,
- WINBINDD_DUAL_SET_HWM,
/* Wrapper around possibly blocking unix nss calls */
WINBINDD_DUAL_USERINFO,
WINBINDD_DUAL_GETSIDALIASES,
+ WINBINDD_DUAL_NDRCMD,
+
/* Complete the challenge phase of the NTLM authentication
protocol using cached password. */
WINBINDD_CCACHE_NTLMAUTH,
+ WINBINDD_CCACHE_SAVE,
WINBINDD_NUM_CMDS
};
uint32_t gr_mem_ofs; /* offset to group membership */
} WINBINDD_GR;
-/* PAM specific request flags */
+/* Request flags */
#define WBFLAG_PAM_INFO3_NDR 0x00000001
#define WBFLAG_PAM_INFO3_TEXT 0x00000002
#define WBFLAG_PAM_USER_SESSION_KEY 0x00000004
#define WBFLAG_PAM_LMKEY 0x00000008
#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x00000010
+#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
+#define WBFLAG_PAM_AUTH_PAC 0x00000040
#define WBFLAG_PAM_UNIX_NAME 0x00000080
#define WBFLAG_PAM_AFS_TOKEN 0x00000100
#define WBFLAG_PAM_NT_STATUS_SQUASH 0x00000200
-#define WBFLAG_PAM_KRB5 0x00001000
-#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
-#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
-#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000
-
-/* generic request flags */
-#define WBFLAG_QUERY_ONLY 0x00000020 /* not used */
/* This is a flag that can only be sent from parent to child */
#define WBFLAG_IS_PRIVILEGED 0x00000400 /* not used */
/* Flag to say this is a winbindd internal send - don't recurse. */
#define WBFLAG_RECURSE 0x00000800
+#define WBFLAG_PAM_KRB5 0x00001000
+#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x00002000
+#define WBFLAG_PAM_CACHED_LOGIN 0x00004000
+#define WBFLAG_PAM_GET_PWD_POLICY 0x00008000
/* Flag to tell winbind the NTLMv2 blob is too big for the struct and is in the
* extra_data field */
#define WBFLAG_BIG_NTLMV2_BLOB 0x00010000
fstring groupname; /* getgrnam */
uid_t uid; /* getpwuid, uid_to_sid */
gid_t gid; /* getgrgid, gid_to_sid */
+ uint32_t ndrcmd;
struct {
- /* We deliberatedly don't split into domain/user to
+ /* We deliberately don't split into domain/user to
avoid having the client know what the separator
character is. */
fstring user;
uint32_t initial_blob_len; /* blobs in extra_data */
uint32_t challenge_blob_len;
} ccache_ntlm_auth;
+ struct {
+ uid_t uid;
+ fstring user;
+ fstring pass;
+ } ccache_save;
struct {
fstring domain_name;
fstring domain_guid;
char first_8_lm_hash[8];
fstring krb5ccname;
uint32_t reject_reason;
- uint32_t padding;
+ uint8_t authoritative;
+ uint8_t padding[1];
+ uint16_t validation_level;
struct policy_settings {
uint32_t min_length_password;
uint32_t password_history;
fstring logon_srv;
fstring logon_dom;
} info3;
+ struct info6_text {
+ fstring dns_domainname;
+ fstring principal_name;
+ } info6;
fstring unix_username;
} auth;
struct {
uint32_t group_rid;
} user_info;
struct {
+ uint8_t session_key[16];
uint32_t auth_blob_len; /* blob in extra_data */
+ uint8_t new_spnego;
} ccache_ntlm_auth;
struct {
fstring dc_unc;
git.samba.org / gd / samba-autobuild / .git / blobdiff