diff --git a/source/nsswitch/winbindd_nss.h b/source/nsswitch/winbindd_nss.h index d785b8420c5..d012811d379 100644 --- a/source/nsswitch/winbindd_nss.h +++ b/source/nsswitch/winbindd_nss.h @@ -5,24 +5,22 @@ Copyright (C) Tim Potter 2000 - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Library General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later version. - - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Library General Public License for more details. - - You should have received a copy of the GNU Library General Public - License along with this library; if not, write to the - Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. + You are free to use this interface definition in any way you see + fit, including without restriction, using this header in your own + products. You do not need to give any attribution. */ + +#ifndef CONST_DISCARD +#define CONST_DISCARD(type, ptr) ((type) ((void *) (ptr))) +#endif + +#ifndef CONST_ADD +#define CONST_ADD(type, ptr) ((type) ((const void *) (ptr))) +#endif + #ifndef SAFE_FREE -#define SAFE_FREE(x) do { if(x) {free(discard_const_p(void *, (x)); x=NULL;} } while(0) +#define SAFE_FREE(x) do { if(x) {free(x); x=NULL;} } while(0) #endif #ifndef _WINBINDD_NTDOM_H @@ -36,7 +34,7 @@ /* Update this when you change the interface. */ -#define WINBIND_INTERFACE_VERSION 10 +#define WINBIND_INTERFACE_VERSION 11 /* Socket commands */ @@ -85,6 +83,7 @@ enum winbindd_cmd { WINBINDD_UID_TO_SID, WINBINDD_GID_TO_SID, WINBINDD_ALLOCATE_RID, + WINBINDD_ALLOCATE_RID_AND_GID, /* Miscellaneous other stuff */ 
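Review bot: `SAFE_FREE(x)` in the first hunk still expands its argument more than once and assigns through an unparenthesized `x`, so an argument with side effects or a compound lvalue expression can misbehave. Since `free(NULL)` is a no-op, the guard can be dropped: `#define SAFE_FREE(x) do { free(x); (x) = NULL; } while(0)`. The new `CONST_DISCARD` silences the qualifier warning by casting through `void *`, and nothing beside it says when that is legitimate. A comment such as `/* Only for pointers whose target was not defined const; writing through the result is undefined otherwise. */` would document the contract.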
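Review bot: Inserting `WINBINDD_ALLOCATE_RID_AND_GID` in the middle of `enum winbindd_cmd` shifts the wire value of every later command, because the enumerators carry no explicit values. The same applies to the `WINBINDD_GETDCNAME` insertion and the removal of the account-management commands in the following hunks. The bump of `WINBIND_INTERFACE_VERSION` to 11 only protects a mismatched client or server if both sides compare versions before any other command is dispatched, which is not visible in this diff. Consider recording the rule next to the enum, e.g. `/* Values are positional and part of the wire protocol: bump WINBIND_INTERFACE_VERSION on any insert or removal. */`. The enum starts and ends outside this hunk.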
@@ -95,6 +94,7 @@ enum winbindd_cmd { WINBINDD_DOMAIN_INFO, /* Most of what we know from struct winbindd_domain */ + WINBINDD_GETDCNAME, /* Issue a GetDCName Request */ WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */ @@ -103,16 +103,6 @@ enum winbindd_cmd { WINBINDD_WINS_BYIP, WINBINDD_WINS_BYNAME, - /* account management commands */ - - WINBINDD_CREATE_USER, - WINBINDD_CREATE_GROUP, - WINBINDD_ADD_USER_TO_GROUP, - WINBINDD_REMOVE_USER_FROM_GROUP, - WINBINDD_SET_USER_PRIMARY_GROUP, - WINBINDD_DELETE_USER, - WINBINDD_DELETE_GROUP, - /* this is like GETGRENT but gives an empty group list */ WINBINDD_GETGRLST, @@ -122,9 +112,29 @@ enum winbindd_cmd { WINBINDD_PRIV_PIPE_DIR, /* return a list of group sids for a user sid */ - WINBINDD_GETUSERSIDS, + WINBINDD_GETUSERSIDS, + + /* Return the domain groups a user is in */ + WINBINDD_GETUSERDOMGROUPS, + + /* Initialize connection in a child */ + WINBINDD_INIT_CONNECTION, + + /* Blocking calls that are not allowed on the main winbind pipe, only + * between parent and children */ + WINBINDD_DUAL_SID2UID, + WINBINDD_DUAL_SID2GID, + WINBINDD_DUAL_IDMAPSET, + + /* Wrapper around possibly blocking unix nss calls */ + WINBINDD_DUAL_UID2NAME, + WINBINDD_DUAL_NAME2UID, + WINBINDD_DUAL_GID2NAME, + WINBINDD_DUAL_NAME2GID, + + WINBINDD_DUAL_USERINFO, + WINBINDD_DUAL_GETSIDALIASES, - /* Placeholder for end of cmd list */ WINBINDD_NUM_CMDS }; @@ -160,6 +170,11 @@ typedef struct winbindd_gr { #define WBFLAG_PAM_AFS_TOKEN 0x0100 #define WBFLAG_PAM_NT_STATUS_SQUASH 0x0200 +/* This is a flag that can only be sent from parent to child */ +#define WBFLAG_IS_PRIVILEGED 0x0400 +/* Flag to say this is a winbindd internal send - don't recurse. */ +#define WBFLAG_RECURSE 0x0800 + /* Winbind request structure */ struct winbindd_request { 
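Review bot: The `WINBINDD_DUAL_*` values added in the `-122,9 +112,29` hunk are described as parent/child-only, but they sit in the same `enum winbindd_cmd` that client sockets send. The only thing keeping them off the main pipe is therefore a check in the dispatcher, which this header cannot show. Making the boundary explicit would let the dispatcher test a range instead of a list, for example a marker comment `/* Commands below this line must be rejected on client-facing sockets */` placed before the first internal command. The hunk also drops the `/* Placeholder for end of cmd list */` comment on `WINBINDD_NUM_CMDS`, which is worth keeping.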
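Review bot: `WBFLAG_IS_PRIVILEGED` is documented as parent-to-child only, yet it occupies a bit in the same `flags` word of `struct winbindd_request` that any client fills in. The receiving side therefore has to clear it on every request read from a client socket, and the comment should say so, e.g. `/* Parent-to-child only: must be masked off any request read from a client socket */`. The comment on `WBFLAG_RECURSE` ("don't recurse") reads as the opposite of the name, so it is unclear whether a set bit permits or suppresses recursion. Rewording it to state what a set bit means would prevent an inverted test later.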
@@ -168,6 +183,7 @@ struct winbindd_request { pid_t pid; /* pid of calling process */ uint32 flags; /* flags relavant to a given request */ fstring domain_name; /* name of domain for which the request applies */ + int msgid; union { fstring winsreq; /* WINS request */ @@ -209,6 +225,24 @@ struct winbindd_request { fstring username; fstring groupname; } acct_mgt; + struct { + BOOL is_primary; + fstring dcname; + } init_conn; + struct { + fstring sid; + fstring name; + BOOL alloc; + } dual_sid2id; + struct { + int type; + uid_t uid; + gid_t gid; + fstring sid; + } dual_idmapset; + struct { + fstring cache_key; + } dual_sidaliases; } data; char null_term; }; @@ -217,6 +251,7 @@ struct winbindd_request { enum winbindd_result { WINBINDD_ERROR, + WINBINDD_PENDING, WINBINDD_OK }; @@ -262,6 +297,7 @@ struct winbindd_response { } info; fstring domain_name; fstring netbios_name; + fstring dc_name; struct auth_reply { uint32 nt_status; @@ -272,6 +308,10 @@ struct winbindd_response { char first_8_lm_hash[8]; } auth; uint32 rid; /* create user or group or allocate rid */ + struct { + uint32 rid; + gid_t gid; + } rid_and_gid; struct { fstring name; fstring alt_name; @@ -281,6 +321,13 @@ struct winbindd_response { BOOL primary; uint32 sequence_number; } domain_info; + struct { + fstring acct_name; + fstring full_name; + fstring homedir; + fstring shell; + uint32 group_rid; + } user_info; } data; /* Variable length return data */ diff --git a/source/winbind/wb_server.c b/source/winbind/wb_server.c index 0bea86f38e6..17a25f57d51 100644 --- a/source/winbind/wb_server.c +++ b/source/winbind/wb_server.c @@ -28,7 +28,8 @@ #include "lib/events/events.h" #include "smbd/service_task.h" #include "smbd/service_stream.h" -#include "winbind/winbindd_nss.h" +#include "nsswitch/winbind_nss_config.h" +#include "nsswitch/winbindd_nss.h" #define WINBINDD_DIR "/tmp/.winbindd/" #define WINBINDD_ECHO_SOCKET WINBINDD_DIR"echo" 
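Review bot: The request members added in the `-209,6 +225,24` hunk (`init_conn.dcname`, `dual_sid2id.sid` and `name`, `dual_idmapset.sid`, `dual_sidaliases.cache_key`) are fixed-size `fstring` buffers filled from a socket. The single `null_term` byte at the end of the struct does not terminate any of them individually. Handlers should force the last byte of each field to `'\0'` before treating it as a C string, and `dual_idmapset.type` should be range-checked before it is used to choose an id type. A comment on the union stating both expectations would be enough in this header; whether the handlers already do this is not visible here.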
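Review bot: `WINBINDD_PENDING` is inserted between `WINBINDD_ERROR` and `WINBINDD_OK`, which changes the numeric value of `WINBINDD_OK` and adds a third state. Any caller that treats `result != WINBINDD_ERROR` as success would now accept a pending reply. The callers are outside this diff, so this is something to search for rather than a confirmed bug; comparing with `== WINBINDD_OK` is the safe form. A one-line comment on the new enumerator stating when a handler returns it would also help.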
diff --git a/source/winbind/winbindd_nss.h b/source/winbind/winbindd_nss.h
deleted file mode 100644
index 04f6d9a823a..00000000000
--- a/source/winbind/winbindd_nss.h
+++ /dev/null
@@ -1,323 +0,0 @@ -/* - Unix SMB/CIFS implementation. - - Winbind daemon for ntdom nss module - - Copyright (C) Tim Potter 2000 - - You are free to use this interface definition in any way you see - fit, including without restriction, using this header in your own - products. You do not need to give any attribution. -*/ - - -#ifndef _WINBINDD_NSS_H -#define _WINBINDD_NSS_H - -typedef char fstring[256]; - - -/* Update this when you change the interface. */ - -#define WINBIND_INTERFACE_VERSION 11 - -/* Socket commands */ - -enum winbindd_cmd { - - WINBINDD_INTERFACE_VERSION, /* Always a well known value */ - - /* Get users and groups */ - - WINBINDD_GETPWNAM, - WINBINDD_GETPWUID, - WINBINDD_GETGRNAM, - WINBINDD_GETGRGID, - WINBINDD_GETGROUPS, - - /* Enumerate users and groups */ - - WINBINDD_SETPWENT, - WINBINDD_ENDPWENT, - WINBINDD_GETPWENT, - WINBINDD_SETGRENT, - WINBINDD_ENDGRENT, - WINBINDD_GETGRENT, - - /* PAM authenticate and password change */ - - WINBINDD_PAM_AUTH, - WINBINDD_PAM_AUTH_CRAP, - WINBINDD_PAM_CHAUTHTOK, - - /* List various things */ - - WINBINDD_LIST_USERS, /* List w/o rid->id mapping */ - WINBINDD_LIST_GROUPS, /* Ditto */ - WINBINDD_LIST_TRUSTDOM, - - /* SID conversion */ - - WINBINDD_LOOKUPSID, - WINBINDD_LOOKUPNAME, - - /* Lookup functions */ - - WINBINDD_SID_TO_UID, - WINBINDD_SID_TO_GID, - WINBINDD_UID_TO_SID, - WINBINDD_GID_TO_SID, - WINBINDD_ALLOCATE_RID, - WINBINDD_ALLOCATE_RID_AND_GID, - - /* Miscellaneous other stuff */ - - WINBINDD_CHECK_MACHACC, /* Check machine account pw works */ - WINBINDD_PING, /* Just tell me winbind is running */ - WINBINDD_INFO, /* Various bit of info. 
Currently just tidbits */ - WINBINDD_DOMAIN_NAME, /* The domain this winbind server is a member of (lp_workgroup()) */ - - WINBINDD_DOMAIN_INFO, /* Most of what we know from - struct winbindd_domain */ - WINBINDD_GETDCNAME, /* Issue a GetDCName Request */ - - WINBINDD_SHOW_SEQUENCE, /* display sequence numbers of domains */ - - /* WINS commands */ - - WINBINDD_WINS_BYIP, - WINBINDD_WINS_BYNAME, - - /* this is like GETGRENT but gives an empty group list */ - WINBINDD_GETGRLST, - - WINBINDD_NETBIOS_NAME, /* The netbios name of the server */ - - /* find the location of our privileged pipe */ - WINBINDD_PRIV_PIPE_DIR, - - /* return a list of group sids for a user sid */ - WINBINDD_GETUSERSIDS, - - /* Return the domain groups a user is in */ - WINBINDD_GETUSERDOMGROUPS, - - /* Initialize connection in a child */ - WINBINDD_INIT_CONNECTION, - - /* Blocking calls that are not allowed on the main winbind pipe, only - * between parent and children */ - WINBINDD_DUAL_SID2UID, - WINBINDD_DUAL_SID2GID, - WINBINDD_DUAL_IDMAPSET, - - /* Wrapper around possibly blocking unix nss calls */ - WINBINDD_DUAL_UID2NAME, - WINBINDD_DUAL_NAME2UID, - WINBINDD_DUAL_GID2NAME, - WINBINDD_DUAL_NAME2GID, - - WINBINDD_DUAL_USERINFO, - WINBINDD_DUAL_GETSIDALIASES, - - WINBINDD_NUM_CMDS -}; - -typedef struct winbindd_pw { - fstring pw_name; - fstring pw_passwd; - uid_t pw_uid; - gid_t pw_gid; - fstring pw_gecos; - fstring pw_dir; - fstring pw_shell; -} WINBINDD_PW; - - -typedef struct winbindd_gr { - fstring gr_name; - fstring gr_passwd; - gid_t gr_gid; - int num_gr_mem; - int gr_mem_ofs; /* offset to group membership */ - char **gr_mem; -} WINBINDD_GR; - - -#define WBFLAG_PAM_INFO3_NDR 0x0001 -#define WBFLAG_PAM_INFO3_TEXT 0x0002 -#define WBFLAG_PAM_USER_SESSION_KEY 0x0004 -#define WBFLAG_PAM_LMKEY 0x0008 -#define WBFLAG_PAM_CONTACT_TRUSTDOM 0x0010 -#define WBFLAG_QUERY_ONLY 0x0020 -#define WBFLAG_ALLOCATE_RID 0x0040 -#define WBFLAG_PAM_UNIX_NAME 0x0080 -#define WBFLAG_PAM_AFS_TOKEN 0x0100 
-#define WBFLAG_PAM_NT_STATUS_SQUASH 0x0200 - -/* This is a flag that can only be sent from parent to child */ -#define WBFLAG_IS_PRIVILEGED 0x0400 - -/* Winbind request structure */ - -struct winbindd_request { - uint32_t length; - enum winbindd_cmd cmd; /* Winbindd command to execute */ - pid_t pid; /* pid of calling process */ - uint32_t flags; /* flags relavant to a given request */ - fstring domain_name; /* name of domain for which the request - * applies */ - int msgid; - - union { - fstring winsreq; /* WINS request */ - fstring username; /* getpwnam */ - fstring groupname; /* getgrnam */ - uid_t uid; /* getpwuid, uid_to_sid */ - gid_t gid; /* getgrgid, gid_to_sid */ - struct { - /* We deliberatedly don't split into domain/user to - avoid having the client know what the separator - character is. */ - fstring user; - fstring pass; - fstring require_membership_of_sid; - } auth; /* pam_winbind auth module */ - struct { - unsigned char chal[8]; - fstring user; - fstring domain; - fstring lm_resp; - uint16_t lm_resp_len; - fstring nt_resp; - uint16_t nt_resp_len; - fstring workstation; - fstring require_membership_of_sid; - } auth_crap; - struct { - fstring user; - fstring oldpass; - fstring newpass; - } chauthtok; /* pam_winbind passwd module */ - fstring sid; /* lookupsid, sid_to_[ug]id */ - struct { - fstring dom_name; /* lookupname */ - fstring name; - } name; - uint32_t num_entries; /* getpwent, getgrent */ - struct { - fstring username; - fstring groupname; - } acct_mgt; - struct { - BOOL is_primary; - fstring dcname; - } init_conn; - struct { - fstring sid; - fstring name; - BOOL alloc; - } dual_sid2id; - struct { - int type; - uid_t uid; - gid_t gid; - fstring sid; - } dual_idmapset; - struct { - fstring cache_key; - } dual_sidaliases; - } data; - char null_term; -}; - -/* Response values */ - -enum winbindd_result { - WINBINDD_ERROR, - WINBINDD_PENDING, - WINBINDD_OK -}; - -/* Winbind response structure */ - -struct winbindd_response { - - /* Header 
information */ - - uint32_t length; /* Length of response */ - enum winbindd_result result; /* Result code */ - - /* Fixed length return data */ - - union { - int interface_version; /* Try to ensure this is always in the - * same spot... */ - - fstring winsresp; /* WINS response */ - - /* getpwnam, getpwuid */ - - struct winbindd_pw pw; - - /* getgrnam, getgrgid */ - - struct winbindd_gr gr; - - uint32_t num_entries; /* getpwent, getgrent */ - struct winbindd_sid { - fstring sid; /* lookupname, [ug]id_to_sid */ - int type; - } sid; - struct winbindd_name { - fstring dom_name; /* lookupsid */ - fstring name; - int type; - } name; - uid_t uid; /* sid_to_uid */ - gid_t gid; /* sid_to_gid */ - struct winbindd_info { - char winbind_separator; - fstring samba_version; - } info; - fstring domain_name; - fstring netbios_name; - fstring dc_name; - - struct auth_reply { - uint32_t nt_status; - fstring nt_status_string; - fstring error_string; - int pam_error; - char user_session_key[16]; - char first_8_lm_hash[8]; - } auth; - uint32_t rid; /* create user or group or allocate rid */ - struct { - uint32_t rid; - gid_t gid; - } rid_and_gid; - struct { - fstring name; - fstring alt_name; - fstring sid; - BOOL native_mode; - BOOL active_directory; - BOOL primary; - uint32_t sequence_number; - } domain_info; - struct { - fstring acct_name; - fstring full_name; - fstring homedir; - fstring shell; - uint32_t group_rid; - } user_info; - } data; - - /* Variable length return data */ - - void *extra_data; /* getgrnam, getgrgid, getgrent */ -}; - -#endif