#include "nsswitch/winbind_struct_protocol.h"
#include "nsswitch/libwbclient/wbclient.h"
-#include "librpc/gen_ndr/wbint.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "librpc/gen_ndr/winbind.h"
+
+#include "talloc_dict.h"
+
+#include "../lib/util/tevent_ntstatus.h"
#ifdef HAVE_LIBNSCD
#include <libnscd.h>
#define WB_REPLACE_CHAR '_'
struct sid_ctr {
- DOM_SID *sid;
+ struct dom_sid *sid;
bool finished;
const char *domain;
const char *name;
bool privileged; /* Is the client 'privileged' */
TALLOC_CTX *mem_ctx; /* memory per request */
+ const char *cmd_name;
NTSTATUS (*recv_fn)(struct tevent_req *req,
struct winbindd_response *presp);
struct winbindd_request *request; /* Request from client */
struct tevent_queue *out_queue;
struct winbindd_response *response; /* Respose to client */
- bool getpwent_initialized; /* Has getpwent_state been
- * initialized? */
- bool getgrent_initialized; /* Has getgrent_state been
- * initialized? */
struct getpwent_state *pwent_state; /* State for getpwent() */
struct getgrent_state *grent_state; /* State for getgrent() */
fstring gecos; /* User information */
fstring homedir; /* User Home Directory */
fstring shell; /* User Login Shell */
- DOM_SID user_sid; /* NT user and primary group SIDs */
- DOM_SID group_sid;
+ struct dom_sid user_sid; /* NT user and primary group SIDs */
+ struct dom_sid group_sid;
};
/* Our connection to the DC */
struct winbindd_cm_conn {
struct cli_state *cli;
+ enum dcerpc_AuthLevel auth_level;
+
struct rpc_pipe_client *samr_pipe;
struct policy_handle sam_connect_handle, sam_domain_handle;
struct policy_handle lsa_policy;
struct rpc_pipe_client *netlogon_pipe;
+ struct netlogon_creds_cli_context *netlogon_creds;
+ uint32_t netlogon_flags;
+ bool netlogon_force_reauth;
};
/* Async child */
int sock;
struct tevent_queue *queue;
- struct rpc_pipe_client *rpccli;
+ struct dcerpc_binding_handle *binding_handle;
- struct timed_event *lockout_policy_event;
- struct timed_event *machine_password_change_event;
+ struct tevent_timer *lockout_policy_event;
+ struct tevent_timer *machine_password_change_event;
const struct winbindd_child_dispatch_table *table;
};
/* Structures to hold per domain information */
struct winbindd_domain {
- fstring name; /* Domain name (NetBIOS) */
- fstring alt_name; /* alt Domain name, if any (FQDN for ADS) */
- fstring forest_name; /* Name of the AD forest we're in */
- DOM_SID sid; /* SID for this domain */
+ char *name; /* Domain name (NetBIOS) */
+ char *alt_name; /* alt Domain name, if any (FQDN for ADS) */
+ char *forest_name; /* Name of the AD forest we're in */
+ struct dom_sid sid; /* SID for this domain */
uint32 domain_flags; /* Domain flags from netlogon.h */
uint32 domain_type; /* Domain type from netlogon.h */
uint32 domain_trust_attribs; /* Trust attribs from netlogon.h */
bool active_directory; /* is this a win2k active directory ? */
bool primary; /* is this our primary domain ? */
bool internal; /* BUILTIN and member SAM */
+ bool rodc; /* Are we an RODC for this AD domain? (do some operations locally) */
bool online; /* is this domain available ? */
- time_t startup_time; /* When we set "startup" true. */
+ time_t startup_time; /* When we set "startup" true. monotonic clock */
bool startup; /* are we in the first 30 seconds after startup_time ? */
- bool can_do_samlogon_ex; /* Due to the lack of finer control what type
- * of DC we have, let us try to do a
- * credential-chain less samlogon_ex call
- * with AD and schannel. If this fails with
- * DCERPC_FAULT_OP_RNG_ERROR, then set this
- * to False. This variable is around so that
- * we don't have to try _ex every time. */
-
bool can_do_ncacn_ip_tcp;
/* Lookup methods for this domain (LDAP or RPC) */
/* A working DC */
pid_t dc_probe_pid; /* Child we're using to detect the DC. */
- fstring dcname;
+ char *dcname;
struct sockaddr_storage dcaddr;
/* Sequence number stuff */
/* The child pid we're talking to */
- struct winbindd_child child;
+ struct winbindd_child *children;
/* Callback we use to try put us back online. */
uint32 check_online_timeout;
- struct timed_event *check_online_event;
+ struct tevent_timer *check_online_event;
/* Linked list info */
struct winbindd_domain *prev, *next;
};
+struct wb_acct_info {
+ fstring acct_name; /* account name */
+ fstring acct_desc; /* account name */
+ uint32_t rid; /* domain-relative RID */
+};
+
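Review bot: The comment on `acct_desc` in the new `struct wb_acct_info` duplicates the one on `acct_name`; it should read `fstring acct_desc; /* account description */`. A one-line comment above the struct noting that it replaces `struct acct_info` in the `enum_dom_groups`/`enum_local_groups` callbacks, and that both members are fixed-size `fstring` buffers a backend must fill with a bounded copy, would help the next reader. In `struct winbindd_domain`, `name`, `alt_name`, `forest_name` and `dcname` change from `fstring` to `char *`, which moves them from inline storage to separately owned strings; their comments should state which talloc context owns them (presumably the domain struct itself — to be confirmed), since a NULL value is now possible where an empty string was before. Hunk boundaries are not visible in this excerpt, so the enclosing hunk may extend beyond the lines shown.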
/* per-domain methods. This is how LDAP vs RPC is selected
*/
struct winbindd_methods {
NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_entries,
- struct acct_info **info);
+ struct wb_acct_info **info);
/* get a list of domain local groups */
NTSTATUS (*enum_local_groups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 *num_entries,
- struct acct_info **info);
+ struct wb_acct_info **info);
/* convert one user or group name to a sid */
NTSTATUS (*name_to_sid)(struct winbindd_domain *domain,
const char *domain_name,
const char *name,
uint32_t flags,
- DOM_SID *sid,
+ struct dom_sid *sid,
enum lsa_SidType *type);
/* convert a sid to a user or group name */
NTSTATUS (*sid_to_name)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
char **domain_name,
char **name,
enum lsa_SidType *type);
NTSTATUS (*rids_to_names)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *domain_sid,
+ const struct dom_sid *domain_sid,
uint32 *rids,
size_t num_rids,
char **domain_name,
/* lookup user info for a given SID */
NTSTATUS (*query_user)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
+ const struct dom_sid *user_sid,
struct wbint_userinfo *user_info);
/* lookup all groups that a user is a member of. The backend
function */
NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- uint32 *num_groups, DOM_SID **user_gids);
+ const struct dom_sid *user_sid,
+ uint32 *num_groups, struct dom_sid **user_gids);
/* Lookup all aliases that the sids delivered are member of. This is
* to implement 'domain local groups' correctly */
NTSTATUS (*lookup_useraliases)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32 num_sids,
- const DOM_SID *sids,
+ const struct dom_sid *sids,
uint32 *num_aliases,
uint32 **alias_rids);
/* find all members of the group with the specified group_rid */
NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid,
+ const struct dom_sid *group_sid,
enum lsa_SidType type,
uint32 *num_names,
- DOM_SID **sid_mem, char ***names,
+ struct dom_sid **sid_mem, char ***names,
uint32 **name_types);
/* return the current global sequence number */
/* Called when backend is first loaded */
bool (*init)(void);
- bool (*get_sid_from_uid)(uid_t uid, DOM_SID *sid);
- bool (*get_sid_from_gid)(gid_t gid, DOM_SID *sid);
+ bool (*get_sid_from_uid)(uid_t uid, struct dom_sid *sid);
+ bool (*get_sid_from_gid)(gid_t gid, struct dom_sid *sid);
- bool (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid);
- bool (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid);
+ bool (*get_uid_from_sid)(struct dom_sid *sid, uid_t *uid);
+ bool (*get_gid_from_sid)(struct dom_sid *sid, gid_t *gid);
/* Called when backend is unloaded */
bool (*close)(void);
struct winbindd_tdc_domain {
const char *domain_name;
const char *dns_name;
- DOM_SID sid;
+ struct dom_sid sid;
uint32 trust_flags;
uint32 trust_attribs;
uint32 trust_type;
time_t create_time;
time_t renew_until;
time_t refresh_time;
- struct timed_event *event;
+ struct tevent_timer *event;
};
#include "winbindd/winbindd_proto.h"