#include "nsswitch/winbind_struct_protocol.h"
#include "nsswitch/libwbclient/wbclient.h"
-#include "librpc/gen_ndr/wbint.h"
+#include "librpc/gen_ndr/dcerpc.h"
+#include "librpc/gen_ndr/winbind.h"
+
+#include "../lib/util/tevent_ntstatus.h"
#ifdef HAVE_LIBNSCD
#include <libnscd.h>
#define WB_REPLACE_CHAR '_'
struct sid_ctr {
- DOM_SID *sid;
+ struct dom_sid *sid;
bool finished;
const char *domain;
const char *name;
bool privileged; /* Is the client 'privileged' */
TALLOC_CTX *mem_ctx; /* memory per request */
+ const char *cmd_name;
NTSTATUS (*recv_fn)(struct tevent_req *req,
struct winbindd_response *presp);
struct winbindd_request *request; /* Request from client */
struct tevent_queue *out_queue;
struct winbindd_response *response; /* Respose to client */
- bool getpwent_initialized; /* Has getpwent_state been
- * initialized? */
- bool getgrent_initialized; /* Has getgrent_state been
- * initialized? */
+ struct tevent_req *io_req; /* wb_req_read_* or wb_resp_write_* */
struct getpwent_state *pwent_state; /* State for getpwent() */
struct getgrent_state *grent_state; /* State for getgrent() */
struct getpwent_state {
struct winbindd_domain *domain;
- int next_user;
- int num_users;
- struct wbint_userinfo *users;
+ uint32_t next_user;
+ struct wbint_RidArray rids;
};
struct getgrent_state {
struct wbint_Principal *groups;
};
-/* Storage for cached getpwent() user entries */
-
-struct getpwent_user {
- fstring name; /* Account name */
- fstring gecos; /* User information */
- fstring homedir; /* User Home Directory */
- fstring shell; /* User Login Shell */
- DOM_SID user_sid; /* NT user and primary group SIDs */
- DOM_SID group_sid;
-};
-
/* Our connection to the DC */
struct winbindd_cm_conn {
struct cli_state *cli;
+ enum dcerpc_AuthLevel auth_level;
+
struct rpc_pipe_client *samr_pipe;
struct policy_handle sam_connect_handle, sam_domain_handle;
struct policy_handle lsa_policy;
struct rpc_pipe_client *netlogon_pipe;
+ struct netlogon_creds_cli_context *netlogon_creds_ctx;
+ bool netlogon_force_reauth;
};
/* Async child */
int sock;
struct tevent_queue *queue;
- struct rpc_pipe_client *rpccli;
+ struct dcerpc_binding_handle *binding_handle;
- struct timed_event *lockout_policy_event;
- struct timed_event *machine_password_change_event;
+ struct tevent_timer *lockout_policy_event;
+ struct tevent_timer *machine_password_change_event;
const struct winbindd_child_dispatch_table *table;
};
/* Structures to hold per domain information */
struct winbindd_domain {
- fstring name; /* Domain name (NetBIOS) */
- fstring alt_name; /* alt Domain name, if any (FQDN for ADS) */
- fstring forest_name; /* Name of the AD forest we're in */
- DOM_SID sid; /* SID for this domain */
- uint32 domain_flags; /* Domain flags from netlogon.h */
- uint32 domain_type; /* Domain type from netlogon.h */
- uint32 domain_trust_attribs; /* Trust attribs from netlogon.h */
+ char *name; /* Domain name (NetBIOS) */
+ char *alt_name; /* alt Domain name, if any (FQDN for ADS) */
+ char *forest_name; /* Name of the AD forest we're in */
+ struct dom_sid sid; /* SID for this domain */
+ enum netr_SchannelType secure_channel_type;
+ uint32_t domain_flags; /* Domain flags from netlogon.h */
+ uint32_t domain_type; /* Domain type from netlogon.h */
+ uint32_t domain_trust_attribs; /* Trust attribs from netlogon.h */
+ struct winbindd_domain *routing_domain;
bool initialized; /* Did we already ask for the domain mode? */
bool native_mode; /* is this a win2k domain in native mode ? */
bool active_directory; /* is this a win2k active directory ? */
bool primary; /* is this our primary domain ? */
bool internal; /* BUILTIN and member SAM */
+ bool rodc; /* Are we an RODC for this AD domain? (do some operations locally) */
bool online; /* is this domain available ? */
- time_t startup_time; /* When we set "startup" true. */
+ time_t startup_time; /* When we set "startup" true. monotonic clock */
bool startup; /* are we in the first 30 seconds after startup_time ? */
- bool can_do_samlogon_ex; /* Due to the lack of finer control what type
- * of DC we have, let us try to do a
- * credential-chain less samlogon_ex call
- * with AD and schannel. If this fails with
- * DCERPC_FAULT_OP_RNG_ERROR, then set this
- * to False. This variable is around so that
- * we don't have to try _ex every time. */
-
bool can_do_ncacn_ip_tcp;
- /* Lookup methods for this domain (LDAP or RPC) */
- struct winbindd_methods *methods;
-
- /* the backend methods are used by the cache layer to find the right
- backend */
+ /*
+ * Lookup methods for this domain (LDAP or RPC). The backend
+ * methods are used by the cache layer.
+ */
struct winbindd_methods *backend;
/* Private data for the backends (used for connection cache) */
void *private_data;
- /*
- * idmap config settings, used to tell the idmap child which
- * special domain config to use for a mapping
- */
- bool have_idmap_config;
- uint32_t id_range_low, id_range_high;
-
/* A working DC */
pid_t dc_probe_pid; /* Child we're using to detect the DC. */
- fstring dcname;
+ char *dcname;
struct sockaddr_storage dcaddr;
/* Sequence number stuff */
time_t last_seq_check;
- uint32 sequence_number;
+ uint32_t sequence_number;
NTSTATUS last_status;
/* The smb connection */
/* The child pid we're talking to */
- struct winbindd_child child;
+ struct winbindd_child *children;
+
+ struct tevent_queue *queue;
+ struct dcerpc_binding_handle *binding_handle;
/* Callback we use to try put us back online. */
- uint32 check_online_timeout;
- struct timed_event *check_online_event;
+ uint32_t check_online_timeout;
+ struct tevent_timer *check_online_event;
/* Linked list info */
struct winbindd_domain *prev, *next;
};
+struct wb_acct_info {
+ fstring acct_name; /* account name */
+ fstring acct_desc; /* account name */
+ uint32_t rid; /* domain-relative RID */
+};
+
/* per-domain methods. This is how LDAP vs RPC is selected
*/
struct winbindd_methods {
/* get a list of users, returning a wbint_userinfo for each one */
NTSTATUS (*query_user_list)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct wbint_userinfo **info);
+ uint32_t **rids);
/* get a list of domain groups */
NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct acct_info **info);
+ uint32_t *num_entries,
+ struct wb_acct_info **info);
/* get a list of domain local groups */
NTSTATUS (*enum_local_groups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 *num_entries,
- struct acct_info **info);
+ uint32_t *num_entries,
+ struct wb_acct_info **info);
/* convert one user or group name to a sid */
NTSTATUS (*name_to_sid)(struct winbindd_domain *domain,
const char *domain_name,
const char *name,
uint32_t flags,
- DOM_SID *sid,
+ struct dom_sid *sid,
enum lsa_SidType *type);
/* convert a sid to a user or group name */
NTSTATUS (*sid_to_name)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *sid,
+ const struct dom_sid *sid,
char **domain_name,
char **name,
enum lsa_SidType *type);
NTSTATUS (*rids_to_names)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *domain_sid,
- uint32 *rids,
+ const struct dom_sid *domain_sid,
+ uint32_t *rids,
size_t num_rids,
char **domain_name,
char ***names,
enum lsa_SidType **types);
- /* lookup user info for a given SID */
- NTSTATUS (*query_user)(struct winbindd_domain *domain,
- TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- struct wbint_userinfo *user_info);
-
/* lookup all groups that a user is a member of. The backend
can also choose to lookup by username or rid for this
function */
NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *user_sid,
- uint32 *num_groups, DOM_SID **user_gids);
+ const struct dom_sid *user_sid,
+ uint32_t *num_groups, struct dom_sid **user_gids);
/* Lookup all aliases that the sids delivered are member of. This is
* to implement 'domain local groups' correctly */
NTSTATUS (*lookup_useraliases)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- uint32 num_sids,
- const DOM_SID *sids,
- uint32 *num_aliases,
- uint32 **alias_rids);
+ uint32_t num_sids,
+ const struct dom_sid *sids,
+ uint32_t *num_aliases,
+ uint32_t **alias_rids);
/* find all members of the group with the specified group_rid */
NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
- const DOM_SID *group_sid,
+ const struct dom_sid *group_sid,
enum lsa_SidType type,
- uint32 *num_names,
- DOM_SID **sid_mem, char ***names,
- uint32 **name_types);
+ uint32_t *num_names,
+ struct dom_sid **sid_mem, char ***names,
+ uint32_t **name_types);
/* return the current global sequence number */
- NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32 *seq);
+ NTSTATUS (*sequence_number)(struct winbindd_domain *domain, uint32_t *seq);
/* return the lockout policy */
NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
/* Called when backend is first loaded */
bool (*init)(void);
- bool (*get_sid_from_uid)(uid_t uid, DOM_SID *sid);
- bool (*get_sid_from_gid)(gid_t gid, DOM_SID *sid);
+ bool (*get_sid_from_uid)(uid_t uid, struct dom_sid *sid);
+ bool (*get_sid_from_gid)(gid_t gid, struct dom_sid *sid);
- bool (*get_uid_from_sid)(DOM_SID *sid, uid_t *uid);
- bool (*get_gid_from_sid)(DOM_SID *sid, gid_t *gid);
+ bool (*get_uid_from_sid)(struct dom_sid *sid, uid_t *uid);
+ bool (*get_gid_from_sid)(struct dom_sid *sid, gid_t *gid);
/* Called when backend is unloaded */
bool (*close)(void);
struct winbindd_tdc_domain {
const char *domain_name;
const char *dns_name;
- DOM_SID sid;
- uint32 trust_flags;
- uint32 trust_attribs;
- uint32 trust_type;
-};
-
-/* Switch for listing users or groups */
-enum ent_type {
- LIST_USERS = 0,
- LIST_GROUPS,
+ struct dom_sid sid;
+ uint32_t trust_flags;
+ uint32_t trust_attribs;
+ uint32_t trust_type;
};
struct WINBINDD_MEMORY_CREDS {
time_t create_time;
time_t renew_until;
time_t refresh_time;
- struct timed_event *event;
+ struct tevent_timer *event;
};
#include "winbindd/winbindd_proto.h"
#define WINBINDD_ESTABLISH_LOOP 30
#define WINBINDD_RESCAN_FREQ lp_winbind_cache_time()
#define WINBINDD_PAM_AUTH_KRB5_RENEW_TIME 2592000 /* one month */
-#define DOM_SEQUENCE_NONE ((uint32)-1)
+#define DOM_SEQUENCE_NONE ((uint32_t)-1)
#endif /* _WINBINDD_H */
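Review bot: The comment above `query_user_list` is now stale: it still promises "a wbint_userinfo for each one", while the new signature `uint32_t **rids);` hands back only RIDs and drops the `num_entries` out-parameter entirely, so a reader of this header cannot tell how the array length is communicated (presumably via the talloc array size of `*rids`; that should be stated explicitly if it is the contract). I would change the comment to `/* get a list of users, returning a talloc'ed array of domain RIDs in *rids; callers obtain the count from the array length */`, adjusting the wording to whatever the backends actually do. The new `struct wb_acct_info` has a copy-paste error in its field comments: `acct_desc` is annotated "account name", which should read `fstring acct_desc; /* account description */`. The `netlogon_force_reauth` and `netlogon_creds_ctx` members of `winbindd_cm_conn` are added without any comment; a one-line note on who sets `netlogon_force_reauth` and when the credential chain is considered invalid would help, since this flag controls re-establishment of the secure channel. The page shows the hunks with their `@@` headers stripped, so the exact hunk boundaries are not visible here.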