r23311: Updating the samba4 winbind protocol to version 18.
authorKai Blin <kai@samba.org>
Sat, 2 Jun 2007 11:38:27 +0000 (11:38 +0000)
committerGerald (Jerry) Carter <jerry@samba.org>
Wed, 10 Oct 2007 19:53:10 +0000 (14:53 -0500)
nsswitch/winbindd_nss.h is just copied from SAMBA_3_0.
nsswitch/winbind_nss_config.h is copied from SAMBA_3_0, too, but I had to
drop some of the defines to make things build again.

Kai

source/auth/auth_winbind.c
source/nsswitch/wb_common.c
source/nsswitch/winbind_nss_config.h
source/nsswitch/winbindd_nss.h
source/winbind/wb_samba3_cmd.c
source/winbind/wb_samba3_protocol.c
source/winbind/wb_server.h

index 05183d65d06d2fb0cc84366f9b51dcf95ef2ba54..52d525acd8de4c5fb384b59cc792ca3f5e79490b 100644 (file)
@@ -36,7 +36,7 @@ static NTSTATUS get_info3_from_ndr(TALLOC_CTX *mem_ctx, struct winbindd_response
                NTSTATUS status;
                DATA_BLOB blob;
                blob.length = len - 4;
-               blob.data = (uint8_t *)(((char *)response->extra_data) + 4);
+               blob.data = (uint8_t *)(((char *)response->extra_data.data) + 4);
 
                status = ndr_pull_struct_blob(&blob, mem_ctx, info3,
                                              (ndr_pull_flags_fn_t)ndr_pull_netr_SamInfo3);
@@ -91,12 +91,12 @@ static NTSTATUS winbind_check_password_samba3(struct auth_method_context *ctx,
 
        request.data.auth_crap.logon_parameters = user_info->logon_parameters;
 
-       winbind_strcpy(request.data.auth_crap.user, 
-                      user_info->client.account_name);
-       winbind_strcpy(request.data.auth_crap.domain, 
-                      user_info->client.domain_name);
-       winbind_strcpy(request.data.auth_crap.workstation, 
-                      user_info->workstation_name);
+       safe_strcpy(request.data.auth_crap.user,
+                      user_info->client.account_name, sizeof(fstring));
+       safe_strcpy(request.data.auth_crap.domain,
+                      user_info->client.domain_name, sizeof(fstring));
+       safe_strcpy(request.data.auth_crap.workstation,
+                      user_info->workstation_name, sizeof(fstring));
 
        memcpy(request.data.auth_crap.chal, ctx->auth_ctx->challenge.data.data, sizeof(request.data.auth_crap.chal));
 
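Review bot: The three `safe_strcpy` calls pass `sizeof(fstring)` as the bound instead of the destination's size minus the terminator. safe_strcpy is not defined on this page; if its third argument is the maximum string length excluding the NUL, a 256-character account, domain or workstation name would put the terminator one byte past the 256-byte field. The names come from `user_info->client`, so the bound is better tied to the destination: `safe_strcpy(request.data.auth_crap.user, user_info->client.account_name, sizeof(request.data.auth_crap.user) - 1);`, and likewise for `domain` and `workstation`. The removed `winbind_strcpy` macro used the same full-size bound, so this predates the commit. winbind_check_password_samba3 begins and ends outside the hunk.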
@@ -115,11 +115,11 @@ static NTSTATUS winbind_check_password_samba3(struct auth_method_context *ctx,
        nt_status = NT_STATUS(response.data.auth.nt_status);
        NT_STATUS_NOT_OK_RETURN(nt_status);
 
-       if (result == NSS_STATUS_SUCCESS && response.extra_data) {
+       if (result == NSS_STATUS_SUCCESS && response.extra_data.data) {
                union netr_Validation validation;
 
                nt_status = get_info3_from_ndr(mem_ctx, &response, &info3);
-               SAFE_FREE(response.extra_data);
+               SAFE_FREE(response.extra_data.data);
                NT_STATUS_NOT_OK_RETURN(nt_status); 
 
                validation.sam3 = &info3;
@@ -128,7 +128,7 @@ static NTSTATUS winbind_check_password_samba3(struct auth_method_context *ctx,
                                                                 3, &validation,
                                                                 server_info);
                return nt_status;
-       } else if (result == NSS_STATUS_SUCCESS && !response.extra_data) {
+       } else if (result == NSS_STATUS_SUCCESS && !response.extra_data.data) {
                DEBUG(0, ("Winbindd authenticated the user [%s]\\[%s], "
                          "but did not include the required info3 reply!\n", 
                          user_info->client.domain_name, user_info->client.account_name));
index e8c317b5982d6c0942598545dcd4c7e0c2bbfc73..51f9deb5b0e8c3c472c5b17d959952ee4e5e5681 100644 (file)
@@ -38,7 +38,7 @@ void free_response(struct winbindd_response *response)
        /* Free any allocated extra_data */
 
        if (response)
-               SAFE_FREE(response->extra_data);
+               SAFE_FREE(response->extra_data.data);
 }
 
 /* Initialise a request structure */
@@ -324,13 +324,13 @@ int winbind_open_pipe_sock(void)
 
        if (winbindd_request(WINBINDD_PRIV_PIPE_DIR, &request, &response) == NSS_STATUS_SUCCESS) {
                int fd;
-               if ((fd = winbind_named_pipe_sock(response.extra_data)) != -1) {
+               if ((fd = winbind_named_pipe_sock(response.extra_data.data)) != -1) {
                        close(winbindd_fd);
                        winbindd_fd = fd;
                }
        }
 
-       SAFE_FREE(response.extra_data);
+       SAFE_FREE(response.extra_data.data);
 
        return winbindd_fd;
 #else
@@ -488,7 +488,7 @@ int read_reply(struct winbindd_response *response)
           the server.  This has no meaning in the client's address space
           so we clear it out. */
 
-       response->extra_data = NULL;
+       response->extra_data.data = NULL;
 
        /* Read variable length response */
        
@@ -498,11 +498,11 @@ int read_reply(struct winbindd_response *response)
                
                /* Mallocate memory for extra data */
                
-               if (!(response->extra_data = malloc(extra_data_len))) {
+               if (!(response->extra_data.data = malloc(extra_data_len))) {
                        return -1;
                }
                
-               if ((result2 = read_sock(response->extra_data, extra_data_len))
+               if ((result2 = read_sock(response->extra_data.data, extra_data_len))
                    == -1) {
                        free_response(response);
                        return -1;
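Review bot: The `malloc(extra_data_len)` on the new side has no upper bound visible in this hunk. `extra_data_len` is computed outside the hunk, presumably from the length field read off the socket. This commit adds `WINBINDD_MAX_EXTRA_DATA (128*1024)` to winbindd_nss.h but does not use it here. A guard before the allocation, `if (extra_data_len > WINBINDD_MAX_EXTRA_DATA) return -1;`, would keep a malformed reply from driving an arbitrarily large allocation and read in every NSS client. read_reply starts outside the hunk, so confirm how the length is derived before choosing the exact check.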
index 345e8d32289d399d625fa910ea63bbdc120bef9a..65cf7b232b57b412648334945c8c703f3cdbb897 100644 (file)
 #ifndef _WINBIND_NSS_CONFIG_H
 #define _WINBIND_NSS_CONFIG_H
 
-/* Include header files from data in config.h file */
-
-#ifndef NO_CONFIG_H
-#include <config.h>
+/* shutup the compiler warnings due to krb5.h on 64-bit sles9 */
+#ifdef SIZEOF_LONG
+#undef SIZEOF_LONG
 #endif
 
-#include <stdio.h>
 
-#ifdef HAVE_STDLIB_H
-#include <stdlib.h>
-#endif
+/* Include header files from data in config.h file */
 
-#ifdef HAVE_UNISTD_H
-#include <unistd.h>
+#ifndef NO_CONFIG_H
+#include "lib/replace/replace.h"
 #endif
 
-#ifdef HAVE_SYS_SELECT_H
-#include <sys/select.h>
-#endif
+#include "system/passwd.h"
+#include "system/filesys.h"
+#include "system/network.h"
 
-#ifdef HAVE_SYS_SOCKET_H
-#include <sys/socket.h>
-#endif
+#include "nsswitch/winbind_nss.h"
 
-#ifdef HAVE_UNIXSOCKET
-#include <sys/un.h>
-#endif
+/* I'm trying really hard not to include anything from smb.h with the
+   result of some silly looking redeclaration of structures. */
 
-#ifdef HAVE_SYS_TIME_H
-#include <sys/time.h>
+#ifndef _PSTRING
+#define _PSTRING
+#define PSTRING_LEN 1024
+#define FSTRING_LEN 256
+typedef char pstring[PSTRING_LEN];
+typedef char fstring[FSTRING_LEN];
 #endif
 
-#ifdef HAVE_GRP_H
-#include <grp.h>
+#if !defined(uint32)
+#if (SIZEOF_INT == 4)
+#define uint32 unsigned int
+#elif (SIZEOF_LONG == 4)
+#define uint32 unsigned long
+#elif (SIZEOF_SHORT == 4)
+#define uint32 unsigned short
 #endif
-
-#ifdef HAVE_STRING_H
-#include <string.h>
 #endif
 
-#ifdef HAVE_FCNTL_H
-#include <fcntl.h>
-#else
-#ifdef HAVE_SYS_FCNTL_H
-#include <sys/fcntl.h>
+#if !defined(uint16)
+#if (SIZEOF_SHORT == 4)
+#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16;
+#else /* SIZEOF_SHORT != 4 */
+#define uint16 unsigned short
+#endif /* SIZEOF_SHORT != 4 */
 #endif
-#endif
-
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <errno.h>
 
-#ifdef HAVE_PWD_H
-#include <pwd.h>
+#ifndef uint8
+#define uint8 unsigned char
 #endif
-#include "nsswitch/winbind_nss.h"
 
-#ifndef Auto
-#define False (0)
-#define True (1)
-#define Auto (2)
-typedef int BOOL;
-#endif
+/*
+ * check for 8 byte long long
+ */
 
-/* zero a structure */
-#ifndef ZERO_STRUCT
-#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
+#if !defined(uint64)
+#if (SIZEOF_LONG == 8)
+#define uint64 unsigned long
+#elif (SIZEOF_LONG_LONG == 8)
+#define uint64 unsigned long long
+#endif  /* don't lie.  If we don't have it, then don't use it */
 #endif
 
-/* zero a structure given a pointer to the structure */
-#ifndef ZERO_STRUCTP
-#define ZERO_STRUCTP(x) { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); }
+#if !defined(int64)
+#if (SIZEOF_LONG == 8)
+#define int64 long
+#elif (SIZEOF_LONG_LONG == 8)
+#define int64 long long
+#endif  /* don't lie.  If we don't have it, then don't use it */
 #endif
 
 /* Some systems (SCO) treat UNIX domain sockets as FIFOs */
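Review bot: The `uint64`/`int64` blocks leave the macro silently undefined when neither `SIZEOF_LONG` nor `SIZEOF_LONG_LONG` evaluates to 8. This hunk also opens by undefining `SIZEOF_LONG`, so the outcome depends on the headers included afterwards defining it again, which cannot be confirmed from this page. In the same commit winbindd_nss.h selects `SMB_TIME_T` with `#if defined(int64)` and otherwise falls back to `time_t`. A missed definition would therefore change the layout of the request and response structures that the header says must be identical between 32-bit and 64-bit builds, and it would do so without any diagnostic. Failing the build is safer: add `#else` followed by `#error no 8-byte integer type available for int64` inside the `int64` block.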
@@ -108,4 +105,9 @@ typedef int BOOL;
 #define S_ISSOCK(mode)  ((mode & S_IFSOCK) == S_IFSOCK)
 #endif
 
+#ifndef HAVE_SOCKLEN_T
+#define HAVE_SOCKLEN_T
+typedef int socklen_t;
+#endif
+
 #endif
index 37695c6aa6bdb153cd3f14b41207a6fe4beaebaa..ae8a6846a3e9669fda2a0d14b71cd75ecaf86cc0 100644 (file)
@@ -4,6 +4,7 @@
    Winbind daemon for ntdom nss module
 
    Copyright (C) Tim Potter 2000
+   Copyright (C) Gerald Carter 2006
    
    You are free to use this interface definition in any way you see
    fit, including without restriction, using this header in your own
 #define _WINBINDD_NTDOM_H
 
 #define WINBINDD_SOCKET_NAME "pipe"            /* Name of PF_UNIX socket */
+
+/* Let the build environment override the public winbindd socket location. This
+ * is needed for launchd support -- jpeach.
+ */
 #ifndef WINBINDD_SOCKET_DIR
 #define WINBINDD_SOCKET_DIR  "/tmp/.winbindd"  /* Name of PF_UNIX dir */
 #endif
+
 #define WINBINDD_PRIV_SOCKET_SUBDIR "winbindd_privileged" /* name of subdirectory of lp_lockdir() to hold the 'privileged' pipe */
 #define WINBINDD_DOMAIN_ENV  "WINBINDD_DOMAIN" /* Environment variables */
 #define WINBINDD_DONT_ENV    "_NO_WINBINDD"
 
-typedef char winbind_string[256];
-#define winbind_strcpy(d,s) safe_strcpy((d),(s),sizeof(winbind_string));
-
 /* Update this when you change the interface.  */
 
-#define WINBIND_INTERFACE_VERSION 11
+#define WINBIND_INTERFACE_VERSION 18
+
+/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
+   On a 64bit Linux box, we have to support a constant structure size
+   between /lib/libnss_winbind.so.2 and /li64/libnss_winbind.so.2.
+   The easiest way to do this is to always use 8byte values for time_t. */
+
+#if defined(int64)
+#  define SMB_TIME_T int64
+#else
+#  define SMB_TIME_T time_t
+#endif
 
 /* Socket commands */
 
@@ -69,6 +83,8 @@ enum winbindd_cmd {
        WINBINDD_PAM_AUTH,
        WINBINDD_PAM_AUTH_CRAP,
        WINBINDD_PAM_CHAUTHTOK,
+       WINBINDD_PAM_LOGOFF,
+       WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP,
 
        /* List various things */
 
@@ -80,18 +96,25 @@ enum winbindd_cmd {
 
        WINBINDD_LOOKUPSID,
        WINBINDD_LOOKUPNAME,
+       WINBINDD_LOOKUPRIDS,
 
        /* Lookup functions */
 
-       WINBINDD_SID_TO_UID,       
+       WINBINDD_SID_TO_UID,
        WINBINDD_SID_TO_GID,
+       WINBINDD_SIDS_TO_XIDS,
        WINBINDD_UID_TO_SID,
        WINBINDD_GID_TO_SID,
-       WINBINDD_ALLOCATE_RID,
-       WINBINDD_ALLOCATE_RID_AND_GID,
+
+       WINBINDD_ALLOCATE_UID,
+       WINBINDD_ALLOCATE_GID,
+       WINBINDD_SET_MAPPING,
+       WINBINDD_SET_HWM,
 
        /* Miscellaneous other stuff */
 
+       WINBINDD_DUMP_MAPS,
+
        WINBINDD_CHECK_MACHACC,     /* Check machine account pw works */
        WINBINDD_PING,              /* Just tell me winbind is running */
        WINBINDD_INFO,              /* Various bit of info.  Currently just tidbits */
@@ -119,7 +142,7 @@ enum winbindd_cmd {
        /* return a list of group sids for a user sid */
        WINBINDD_GETUSERSIDS,
 
-       /* Return the domain groups a user is in */
+       /* Various group queries */
        WINBINDD_GETUSERDOMGROUPS,
 
        /* Initialize connection in a child */
@@ -129,7 +152,12 @@ enum winbindd_cmd {
         * between parent and children */
        WINBINDD_DUAL_SID2UID,
        WINBINDD_DUAL_SID2GID,
-       WINBINDD_DUAL_IDMAPSET,
+       WINBINDD_DUAL_SIDS2XIDS,
+       WINBINDD_DUAL_UID2SID,
+       WINBINDD_DUAL_GID2SID,
+       WINBINDD_DUAL_SET_MAPPING,
+       WINBINDD_DUAL_SET_HWM,
+       WINBINDD_DUAL_DUMP_MAPS,
 
        /* Wrapper around possibly blocking unix nss calls */
        WINBINDD_DUAL_UID2NAME,
@@ -140,27 +168,30 @@ enum winbindd_cmd {
        WINBINDD_DUAL_USERINFO,
        WINBINDD_DUAL_GETSIDALIASES,
 
+       /* Complete the challenge phase of the NTLM authentication
+          protocol using cached password. */
+       WINBINDD_CCACHE_NTLMAUTH,
+
        WINBINDD_NUM_CMDS
 };
 
 typedef struct winbindd_pw {
-       winbind_string pw_name;
-       winbind_string pw_passwd;
+       fstring pw_name;
+       fstring pw_passwd;
        uid_t pw_uid;
        gid_t pw_gid;
-       winbind_string pw_gecos;
-       winbind_string pw_dir;
-       winbind_string pw_shell;
+       fstring pw_gecos;
+       fstring pw_dir;
+       fstring pw_shell;
 } WINBINDD_PW;
 
 
 typedef struct winbindd_gr {
-       winbind_string gr_name;
-       winbind_string gr_passwd;
+       fstring gr_name;
+       fstring gr_passwd;
        gid_t gr_gid;
-       int num_gr_mem;
-       int gr_mem_ofs;   /* offset to group membership */
-       char **gr_mem;
+       uint32 num_gr_mem;
+       uint32 gr_mem_ofs;   /* offset to group membership */
 } WINBINDD_GR;
 
 
@@ -170,7 +201,6 @@ typedef struct winbindd_gr {
 #define WBFLAG_PAM_LMKEY               0x0008
 #define WBFLAG_PAM_CONTACT_TRUSTDOM    0x0010
 #define WBFLAG_QUERY_ONLY              0x0020
-#define WBFLAG_ALLOCATE_RID            0x0040
 #define WBFLAG_PAM_UNIX_NAME            0x0080
 #define WBFLAG_PAM_AFS_TOKEN            0x0100
 #define WBFLAG_PAM_NT_STATUS_SQUASH     0x0200
@@ -180,74 +210,131 @@ typedef struct winbindd_gr {
 /* Flag to say this is a winbindd internal send - don't recurse. */
 #define WBFLAG_RECURSE                 0x0800
 
+#define WBFLAG_PAM_KRB5                        0x1000
+#define WBFLAG_PAM_FALLBACK_AFTER_KRB5 0x2000
+#define WBFLAG_PAM_CACHED_LOGIN                0x4000
+#define WBFLAG_PAM_GET_PWD_POLICY      0x8000  /* not used */
+
+#define WINBINDD_MAX_EXTRA_DATA (128*1024)
+
 /* Winbind request structure */
 
+/*******************************************************************************
+ * This structure MUST be the same size in the 32bit and 64bit builds
+ * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
+ * 
+ * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
+ * A 64BIT WINBINDD    --jerry
+ ******************************************************************************/
+
 struct winbindd_request {
-       uint32_t length;
+       uint32 length;
        enum winbindd_cmd cmd;   /* Winbindd command to execute */
+       enum winbindd_cmd original_cmd;   /* Original Winbindd command
+                                            issued to parent process */
        pid_t pid;               /* pid of calling process */
-       uint32_t flags;            /* flags relavant to a given request */
-       winbind_string domain_name;     /* name of domain for which the request applies */
+       uint32 flags;            /* flags relavant to a given request */
+       fstring domain_name;    /* name of domain for which the request applies */
 
        union {
-               winbind_string winsreq;     /* WINS request */
-               winbind_string username;    /* getpwnam */
-               winbind_string groupname;   /* getgrnam */
+               fstring winsreq;     /* WINS request */
+               fstring username;    /* getpwnam */
+               fstring groupname;   /* getgrnam */
                uid_t uid;           /* getpwuid, uid_to_sid */
                gid_t gid;           /* getgrgid, gid_to_sid */
                struct {
                        /* We deliberatedly don't split into domain/user to
                            avoid having the client know what the separator
                            character is. */    
-                       winbind_string user;
-                       winbind_string pass;
-                       winbind_string require_membership_of_sid;
+                       fstring user;
+                       fstring pass;
+                       pstring require_membership_of_sid;
+                       fstring krb5_cc_type;
+                       uid_t uid;
                } auth;              /* pam_winbind auth module */
                 struct {
                         unsigned char chal[8];
-                       uint32_t logon_parameters;
-                        winbind_string user;
-                        winbind_string domain;
-                        winbind_string lm_resp;
-                        uint16_t lm_resp_len;
-                        winbind_string nt_resp;
-                        uint16_t nt_resp_len;
-                       winbind_string workstation;
-                       winbind_string require_membership_of_sid;
+                       uint32 logon_parameters;
+                        fstring user;
+                        fstring domain;
+                        fstring lm_resp;
+                        uint32 lm_resp_len;
+                        fstring nt_resp;
+                        uint32 nt_resp_len;
+                       fstring workstation;
+                       fstring require_membership_of_sid;
                 } auth_crap;
                 struct {
-                    winbind_string user;
-                    winbind_string oldpass;
-                    winbind_string newpass;
+                    fstring user;
+                    fstring oldpass;
+                    fstring newpass;
                 } chauthtok;         /* pam_winbind passwd module */
-               winbind_string sid;         /* lookupsid, sid_to_[ug]id */
                struct {
-                       winbind_string dom_name;       /* lookupname */
-                       winbind_string name;       
+                       fstring user;
+                       fstring domain;
+                       unsigned char new_nt_pswd[516];
+                       uint16  new_nt_pswd_len;
+                       unsigned char old_nt_hash_enc[16];
+                       uint16  old_nt_hash_enc_len;
+                       unsigned char new_lm_pswd[516];
+                       uint16  new_lm_pswd_len;
+                       unsigned char old_lm_hash_enc[16];
+                       uint16  old_lm_hash_enc_len;
+               } chng_pswd_auth_crap;/* pam_winbind passwd module */
+               struct {
+                       fstring user;
+                       fstring krb5ccname;
+                       uid_t uid;
+               } logoff;              /* pam_winbind session module */
+               fstring sid;         /* lookupsid, sid_to_[ug]id */
+               struct {
+                       fstring dom_name;       /* lookupname */
+                       fstring name;       
                } name;
-               uint32_t num_entries;  /* getpwent, getgrent */
+               uint32 num_entries;  /* getpwent, getgrent */
                struct {
-                       winbind_string username;
-                       winbind_string groupname;
+                       fstring username;
+                       fstring groupname;
                } acct_mgt;
                struct {
                        BOOL is_primary;
-                       winbind_string dcname;
+                       fstring dcname;
                } init_conn;
                struct {
-                       winbind_string sid;
-                       winbind_string name;
-                       BOOL alloc;
+                       fstring sid;
+                       fstring name;
                } dual_sid2id;
                struct {
-                       int type;
-                       uid_t uid;
-                       gid_t gid;
-                       winbind_string sid;
+                       fstring sid;
+                       uint32 type;
+                       uint32 id;
                } dual_idmapset;
+               BOOL list_all_domains;
+
+               struct {
+                       uid_t uid;
+                       fstring user;
+                       /* the effective uid of the client, must be the uid for 'user'.
+                          This is checked by the main daemon, trusted by children. */
+                       /* if the blobs are length zero, then this doesn't
+                          produce an actual challenge response. It merely
+                          succeeds if there are cached credentials available
+                          that could be used. */
+                       uint32 initial_blob_len; /* blobs in extra_data */
+                       uint32 challenge_blob_len;
+               } ccache_ntlm_auth;
+
+               /* padding -- needed to fix alignment between 32bit and 64bit libs.
+                  The size is the sizeof the union without the padding aligned on 
+                  an 8 byte boundary.   --jerry */
+
+               char padding[1560];
        } data;
-       char *extra_data;
-       size_t extra_len;
+       union {
+               SMB_TIME_T padding;
+               char *data;
+       } extra_data;
+       uint32 extra_len;
        char null_term;
 };
 
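Review bot: `char padding[1560]` is smaller than other members of the same union, so it no longer fixes the union's size as its comment claims. With `FSTRING_LEN 256` and `PSTRING_LEN 1024` from winbind_nss_config.h in this commit, the `auth` member's `user`, `pass`, `require_membership_of_sid` and `krb5_cc_type` fields alone total 1792 bytes, and `chng_pswd_auth_crap` is also larger than 1560. The 32-bit/64-bit size guarantee therefore rests on the members' natural alignment, not on the padding. Either recompute the padding or enforce the invariant at compile time, for example `typedef char winbindd_request_padding_check[(sizeof(((struct winbindd_request *)0)->data) == sizeof(((struct winbindd_request *)0)->data.padding)) ? 1 : -1];`. The new client-supplied length fields (`new_nt_pswd_len`, `initial_blob_len`, `challenge_blob_len`, `extra_len`) will also need bounds checks in whichever handlers consume them.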
@@ -261,11 +348,19 @@ enum winbindd_result {
 
 /* Winbind response structure */
 
+/*******************************************************************************
+ * This structure MUST be the same size in the 32bit and 64bit builds
+ * for compatibility between /lib64/libnss_winbind.so and /lib/libnss_winbind.so
+ * 
+ * DO NOT CHANGE THIS STRUCTURE WITHOUT TESTING THE 32BIT NSS LIB AGAINST
+ * A 64BIT WINBINDD    --jerry
+ ******************************************************************************/
+
 struct winbindd_response {
     
        /* Header information */
 
-       uint32_t length;                        /* Length of response */
+       uint32 length;                        /* Length of response */
        enum winbindd_result result;          /* Result code */
 
        /* Fixed length return data */
@@ -273,7 +368,7 @@ struct winbindd_response {
        union {
                int interface_version;  /* Try to ensure this is always in the same spot... */
                
-               winbind_string winsresp;                /* WINS response */
+               fstring winsresp;               /* WINS response */
 
                /* getpwnam, getpwuid */
                
@@ -283,60 +378,125 @@ struct winbindd_response {
 
                struct winbindd_gr gr;
 
-               uint32_t num_entries; /* getpwent, getgrent */
+               uint32 num_entries; /* getpwent, getgrent */
                struct winbindd_sid {
-                       winbind_string sid;        /* lookupname, [ug]id_to_sid */
+                       fstring sid;        /* lookupname, [ug]id_to_sid */
                        int type;
                } sid;
                struct winbindd_name {
-                       winbind_string dom_name;       /* lookupsid */
-                       winbind_string name;       
+                       fstring dom_name;       /* lookupsid */
+                       fstring name;
                        int type;
                } name;
                uid_t uid;          /* sid_to_uid */
                gid_t gid;          /* sid_to_gid */
                struct winbindd_info {
                        char winbind_separator;
-                       winbind_string samba_version;
+                       fstring samba_version;
                } info;
-               winbind_string domain_name;
-               winbind_string netbios_name;
-               winbind_string dc_name;
+               fstring domain_name;
+               fstring netbios_name;
+               fstring dc_name;
 
                struct auth_reply {
-                       uint32_t nt_status;
-                       winbind_string nt_status_string;
-                       winbind_string error_string;
+                       uint32 nt_status;
+                       fstring nt_status_string;
+                       fstring error_string;
                        int pam_error;
                        char user_session_key[16];
                        char first_8_lm_hash[8];
+                       fstring krb5ccname;
+                       uint32 reject_reason;
+                       uint32 padding;
+                       struct policy_settings {
+                               uint32 min_length_password;
+                               uint32 password_history;
+                               uint32 password_properties;
+                               uint32 padding;
+                               SMB_TIME_T expire;
+                               SMB_TIME_T min_passwordage;
+                       } policy;
+                       struct info3_text {
+                               SMB_TIME_T logon_time;
+                               SMB_TIME_T logoff_time;
+                               SMB_TIME_T kickoff_time;
+                               SMB_TIME_T pass_last_set_time;
+                               SMB_TIME_T pass_can_change_time;
+                               SMB_TIME_T pass_must_change_time;
+                               uint32 logon_count;
+                               uint32 bad_pw_count;
+                               uint32 user_rid;
+                               uint32 group_rid;
+                               uint32 num_groups;
+                               uint32 user_flgs;
+                               uint32 acct_flags;
+                               uint32 num_other_sids;
+                               fstring dom_sid;
+                               fstring user_name;
+                               fstring full_name;
+                               fstring logon_script;
+                               fstring profile_path;
+                               fstring home_dir;
+                               fstring dir_drive;
+                               fstring logon_srv;
+                               fstring logon_dom;
+                       } info3;
                } auth;
-               uint32_t rid;   /* create user or group or allocate rid */
                struct {
-                       uint32_t rid;
-                       gid_t gid;
-               } rid_and_gid;
-               struct {
-                       winbind_string name;
-                       winbind_string alt_name;
-                       winbind_string sid;
+                       fstring name;
+                       fstring alt_name;
+                       fstring sid;
                        BOOL native_mode;
                        BOOL active_directory;
                        BOOL primary;
-                       uint32_t sequence_number;
+                       uint32 sequence_number;
                } domain_info;
                struct {
-                       winbind_string acct_name;
-                       winbind_string full_name;
-                       winbind_string homedir;
-                       winbind_string shell;
-                       uint32_t group_rid;
+                       fstring acct_name;
+                       fstring full_name;
+                       fstring homedir;
+                       fstring shell;
+                       uint32 primary_gid;                     
+                       uint32 group_rid;
                } user_info;
+               struct {
+                       uint32 auth_blob_len; /* blob in extra_data */
+               } ccache_ntlm_auth;
        } data;
 
        /* Variable length return data */
 
-       void *extra_data;               /* getgrnam, getgrgid, getgrent */
+       union {
+               SMB_TIME_T padding;
+               void *data;
+       } extra_data;
+};
+
+struct WINBINDD_MEMORY_CREDS {
+       struct WINBINDD_MEMORY_CREDS *next, *prev;
+       const char *username; /* lookup key. */
+       uid_t uid;
+       int ref_count;
+       size_t len;
+       unsigned char *nt_hash; /* Base pointer for the following 2 */
+       unsigned char *lm_hash;
+       char *pass;
+};
+
+struct WINBINDD_CCACHE_ENTRY {
+       struct WINBINDD_CCACHE_ENTRY *next, *prev;
+       const char *principal_name;
+       const char *ccname;
+       const char *service;
+       const char *username;
+       const char *realm;
+       struct WINBINDD_MEMORY_CREDS *cred_ptr;
+       int ref_count;
+       uid_t uid;
+       time_t create_time;
+       time_t renew_until;
+       time_t refresh_time;
+       struct timed_event *event;
 };
 
 #endif
index 7989bec17223e2e2190bcad3c25548ebffe0cfa4..f60c65a1d46b2561a984ecbf8171e4e0750a0b94 100644 (file)
@@ -22,6 +22,7 @@
 */
 
 #include "includes.h"
+#include "nsswitch/winbind_nss_config.h"
 #include "nsswitch/winbindd_nss.h"
 #include "winbind/wb_server.h"
 #include "winbind/wb_async_helpers.h"
@@ -111,9 +112,9 @@ NTSTATUS wbsrv_samba3_netbios_name(struct wbsrv_samba3_call *s3call)
 NTSTATUS wbsrv_samba3_priv_pipe_dir(struct wbsrv_samba3_call *s3call)
 {
        s3call->response.result                 = WINBINDD_OK;
-       s3call->response.extra_data =
+       s3call->response.extra_data.data =
                smbd_tmp_path(s3call, WINBINDD_SAMBA3_PRIVILEGED_SOCKET);
-       NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data);
+       NT_STATUS_HAVE_NO_MEMORY(s3call->response.extra_data.data);
        return NT_STATUS_OK;
 }
 
@@ -262,7 +263,7 @@ static void userdomgroups_recv_groups(struct composite_context *ctx)
        }
 
        s3call->response.result = WINBINDD_OK;
-       s3call->response.extra_data = sids_string;
+       s3call->response.extra_data.data = sids_string;
        s3call->response.length += strlen(sids_string)+1;
        s3call->response.data.num_entries = num_sids;
 
@@ -328,7 +329,7 @@ static void usersids_recv_sids(struct composite_context *ctx)
        }
 
        s3call->response.result = WINBINDD_OK;
-       s3call->response.extra_data = sids_string;
+       s3call->response.extra_data.data = sids_string;
        s3call->response.length += strlen(sids_string);
        s3call->response.data.num_entries = num_sids;
 
@@ -510,7 +511,7 @@ static void pam_auth_crap_recv(struct composite_context *ctx)
        }
 
        if (s3call->request.flags & WBFLAG_PAM_INFO3_NDR) {
-               s3call->response.extra_data = info3.data;
+               s3call->response.extra_data.data = info3.data;
                s3call->response.length += info3.length;
        }
 
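Review bot: When a request sets both `WBFLAG_PAM_INFO3_NDR` and `WBFLAG_PAM_UNIX_NAME`, the assignment in the next hunk replaces `extra_data.data` with `unix_username` while `response.length` still includes `info3.length`. wbsrv_samba3_push_reply (patched later in this commit) derives `extra_data_len` from `response.length` and copies that many bytes from `extra_data.data`, so the reply could read past the end of `unix_username` and send adjacent memory to the client. The lines between the two hunks are not shown, so confirm that nothing there returns or resets the length. If nothing does, either reject the flag combination or build one buffer holding both payloads and set the pointer and length together. The renamed member leaves this behaviour unchanged; pam_auth_crap_recv starts and ends outside the hunk.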
@@ -521,7 +522,7 @@ static void pam_auth_crap_recv(struct composite_context *ctx)
        }
        
        if (s3call->request.flags & WBFLAG_PAM_UNIX_NAME) {
-               s3call->response.extra_data = unix_username;
+               s3call->response.extra_data.data = unix_username;
                s3call->response.length += strlen(unix_username)+1;
        }
 
@@ -654,7 +655,7 @@ static void list_trustdom_recv_doms(struct composite_context *ctx)
 
        s3call->response.result = WINBINDD_OK;
        if (num_domains > 0) {
-               s3call->response.extra_data = result;
+               s3call->response.extra_data.data = result;
                s3call->response.length += strlen(result)+1;
        }
 
index 8580f2a163f5c352cbd3ea85dadcdb2521bec3d7..da3e404c1e60cce9ba32b1f3fdc2223ad730614b 100644 (file)
@@ -21,6 +21,7 @@
 */
 
 #include "includes.h"
+#include "nsswitch/winbind_nss_config.h"
 #include "nsswitch/winbindd_nss.h"
 #include "winbind/wb_server.h"
 #include "smbd/service_stream.h"
@@ -138,14 +139,21 @@ NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call)
        case WINBINDD_ENDGRENT:
        case WINBINDD_GETGRENT:
        case WINBINDD_PAM_CHAUTHTOK:
+       case WINBINDD_PAM_LOGOFF:
+       case WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP:
        case WINBINDD_LIST_USERS:
        case WINBINDD_LIST_GROUPS:
+       case WINBINDD_LOOKUPRIDS:
        case WINBINDD_SID_TO_UID:
        case WINBINDD_SID_TO_GID:
+       case WINBINDD_SIDS_TO_XIDS:
        case WINBINDD_UID_TO_SID:
        case WINBINDD_GID_TO_SID:
-       case WINBINDD_ALLOCATE_RID:
-       case WINBINDD_ALLOCATE_RID_AND_GID:
+       case WINBINDD_ALLOCATE_UID:
+       case WINBINDD_ALLOCATE_GID:
+       case WINBINDD_SET_MAPPING:
+       case WINBINDD_SET_HWM:
+       case WINBINDD_DUMP_MAPS:
        case WINBINDD_CHECK_MACHACC:
        case WINBINDD_DOMAIN_INFO:
        case WINBINDD_SHOW_SEQUENCE:
@@ -155,13 +163,19 @@ NTSTATUS wbsrv_samba3_handle_call(struct wbsrv_samba3_call *s3call)
        case WINBINDD_INIT_CONNECTION:
        case WINBINDD_DUAL_SID2UID:
        case WINBINDD_DUAL_SID2GID:
-       case WINBINDD_DUAL_IDMAPSET:
+       case WINBINDD_DUAL_SIDS2XIDS:
+       case WINBINDD_DUAL_UID2SID:
+       case WINBINDD_DUAL_GID2SID:
+       case WINBINDD_DUAL_SET_MAPPING:
+       case WINBINDD_DUAL_SET_HWM:
+       case WINBINDD_DUAL_DUMP_MAPS:
        case WINBINDD_DUAL_UID2NAME:
        case WINBINDD_DUAL_NAME2UID:
        case WINBINDD_DUAL_GID2NAME:
        case WINBINDD_DUAL_NAME2GID:
        case WINBINDD_DUAL_USERINFO:
        case WINBINDD_DUAL_GETSIDALIASES:
+       case WINBINDD_CCACHE_NTLMAUTH:
        case WINBINDD_NUM_CMDS:
                DEBUG(10, ("Unimplemented winbind samba3 request %d\n", 
                           s3call->request.cmd));
@@ -178,7 +192,7 @@ static NTSTATUS wbsrv_samba3_push_reply(struct wbsrv_samba3_call *call, TALLOC_C
        uint8_t *extra_data;
        size_t extra_data_len = 0;
 
-       extra_data = call->response.extra_data;
+       extra_data = call->response.extra_data.data;
        if (extra_data) {
                extra_data_len = call->response.length -
                        sizeof(call->response);
@@ -189,11 +203,11 @@ static NTSTATUS wbsrv_samba3_push_reply(struct wbsrv_samba3_call *call, TALLOC_C
 
        /* don't push real pointer values into sockets */
        if (extra_data) {
-               call->response.extra_data = (void *)0xFFFFFFFF;
+               call->response.extra_data.data = (void *)0xFFFFFFFF;
        }
        memcpy(blob.data, &call->response, sizeof(call->response));
        /* set back the pointer */
-       call->response.extra_data = extra_data;
+       call->response.extra_data.data = extra_data;
 
        if (extra_data) {
                memcpy(blob.data + sizeof(call->response), extra_data, extra_data_len);
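Review bot: Overwriting `extra_data.data` with the `0xFFFFFFFF` sentinel masks only pointer-sized bytes of what is now a union with an `SMB_TIME_T` member. On a build where pointers are 4 bytes and `SMB_TIME_T` is 8, the remaining 4 bytes of the union are copied into the blob as they are. Whether `call->response` is zero-initialised is not visible here; if it is not, stale memory reaches the socket. Adding `call->response.extra_data.padding = 0;` before the sentinel assignment clears the whole union, and the existing "set back the pointer" line still restores `data` afterwards. wbsrv_samba3_push_reply begins in the previous hunk and continues past this one.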
index 3e851fbccc6c2c2a6bbae400e457db8048acf1ae..4099e32d705e1abbc033fa9264d4fdc6372c5558 100644 (file)
@@ -20,6 +20,7 @@
    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
 */
 
+#include "nsswitch/winbind_nss_config.h"
 #include "nsswitch/winbindd_nss.h"