sin/samba-mirror
1
0
Fork 0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Code
bfb1494e81
samba-mirror/source3/winbindd/winbindd.h
Ralph Boehme 4a74748d32 winbindd: Add force_dc to bypass cached connection and DC lookup 
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-21 19:10:35 +00:00

363 lines
11 KiB
C
Raw Blame History

/*
Unix SMB/CIFS implementation.
Winbind daemon for ntdom nss module
Copyright (C) Tim Potter 2000
Copyright (C) Jim McDonough <jmcd@us.ibm.com> 2003
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 3 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Library General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef _WINBINDD_H
#define _WINBINDD_H
#include "nsswitch/winbind_struct_protocol.h"
#include "nsswitch/libwbclient/wbclient.h"
#include "librpc/gen_ndr/dcerpc.h"
#include "librpc/gen_ndr/winbind.h"
#include "../lib/util/tevent_ntstatus.h"
#ifdef HAVE_LIBNSCD
#include <libnscd.h>
#endif
#ifdef HAVE_SYS_MMAN_H
#include <sys/mman.h>
#endif
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_WINBIND
#define WB_REPLACE_CHAR '_'
struct winbind_internal_pipes;
struct ads_struct;
struct winbindd_cli_state {
struct winbindd_cli_state *prev, *next; /* Linked list pointers */
int sock; /* Open socket from client */
pid_t pid; /* pid of client */
char client_name[32]; /* The process name of the client */
time_t last_access; /* Time of last access (read or write) */
bool privileged; /* Is the client 'privileged' */
TALLOC_CTX *mem_ctx; /* memory per request */
const char *cmd_name;
NTSTATUS (*recv_fn)(struct tevent_req *req,
struct winbindd_response *presp);
struct winbindd_request *request; /* Request from client */
struct tevent_queue *out_queue;
struct winbindd_response *response; /* Respose to client */
struct tevent_req *io_req; /* wb_req_read_* or wb_resp_write_* */
struct getpwent_state *pwent_state; /* State for getpwent() */
struct getgrent_state *grent_state; /* State for getgrent() */
};
struct getpwent_state {
struct winbindd_domain *domain;
uint32_t next_user;
struct wbint_RidArray rids;
};
struct getgrent_state {
struct winbindd_domain *domain;
uint32_t next_group;
uint32_t num_groups;
struct wbint_Principal *groups;
};
/* Our connection to the DC */
struct winbindd_cm_conn {
struct cli_state *cli;
enum dcerpc_AuthLevel auth_level;
struct rpc_pipe_client *samr_pipe;
struct policy_handle sam_connect_handle, sam_domain_handle;
struct rpc_pipe_client *lsa_pipe;
struct rpc_pipe_client *lsa_pipe_tcp;
struct policy_handle lsa_policy;
struct rpc_pipe_client *netlogon_pipe;
struct netlogon_creds_cli_context *netlogon_creds_ctx;
bool netlogon_force_reauth;
};
/* Async child */
struct winbindd_domain;
struct winbindd_child {
pid_t pid;
struct winbindd_domain *domain;
char *logfilename;
int sock;
struct tevent_fd *monitor_fde; /* Watch for dead children/sockets */
struct tevent_queue *queue;
struct dcerpc_binding_handle *binding_handle;
struct tevent_timer *lockout_policy_event;
struct tevent_timer *machine_password_change_event;
};
/* Structures to hold per domain information */
struct winbindd_domain {
char *name; /* Domain name (NetBIOS) */
char *alt_name; /* alt Domain name, if any (FQDN for ADS) */
char *forest_name; /* Name of the AD forest we're in */
struct dom_sid sid; /* SID for this domain */
enum netr_SchannelType secure_channel_type;
uint32_t domain_flags; /* Domain flags from netlogon.h */
uint32_t domain_type; /* Domain type from netlogon.h */
uint32_t domain_trust_attribs; /* Trust attribs from netlogon.h */
struct winbindd_domain *routing_domain;
bool initialized; /* Did we already ask for the domain mode? */
bool native_mode; /* is this a win2k domain in native mode ? */
bool active_directory; /* is this a win2k active directory ? */
bool primary; /* is this our primary domain ? */
bool internal; /* BUILTIN and member SAM */
bool rodc; /* Are we an RODC for this AD domain? (do some operations locally) */
bool online; /* is this domain available ? */
time_t startup_time; /* When we set "startup" true. monotonic clock */
bool startup; /* are we in the first 30 seconds after startup_time ? */
bool can_do_ncacn_ip_tcp;
/*
* Lookup methods for this domain (LDAP or RPC). The backend
* methods are used by the cache layer.
*/
struct winbindd_methods *backend;
struct {
struct winbind_internal_pipes *samr_pipes;
struct ads_struct *ads_conn;
} backend_data;
/* A working DC */
bool force_dc;
char *dcname;
const char *ping_dcname;
struct sockaddr_storage dcaddr;
/* Sequence number stuff */
time_t last_seq_check;
uint32_t sequence_number;
NTSTATUS last_status;
/* The smb connection */
struct winbindd_cm_conn conn;
/* The child pid we're talking to */
struct winbindd_child *children;
struct tevent_queue *queue;
struct dcerpc_binding_handle *binding_handle;
struct tevent_req *check_online_event;
/* Linked list info */
struct winbindd_domain *prev, *next;
};
struct wb_parent_idmap_config_dom {
unsigned low_id;
unsigned high_id;
const char *name;
struct dom_sid sid;
};
struct wb_parent_idmap_config {
struct tevent_queue *queue;
uint32_t num_doms;
bool initialized;
struct wb_parent_idmap_config_dom *doms;
};
struct wb_acct_info {
const char *acct_name; /* account name */
const char *acct_desc; /* account name */
uint32_t rid; /* domain-relative RID */
};
/* per-domain methods. This is how LDAP vs RPC is selected
*/
struct winbindd_methods {
/* does this backend provide a consistent view of the data? (ie. is the primary group
always correct) */
bool consistent;
/* get a list of users, returning a wbint_userinfo for each one */
NTSTATUS (*query_user_list)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t **rids);
/* get a list of domain groups */
NTSTATUS (*enum_dom_groups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t *num_entries,
struct wb_acct_info **info);
/* get a list of domain local groups */
NTSTATUS (*enum_local_groups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t *num_entries,
struct wb_acct_info **info);
/* convert one user or group name to a sid */
NTSTATUS (*name_to_sid)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const char *domain_name,
const char *name,
uint32_t flags,
const char **pdom_name,
struct dom_sid *sid,
enum lsa_SidType *type);
/* convert a sid to a user or group name */
NTSTATUS (*sid_to_name)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const struct dom_sid *sid,
char **domain_name,
char **name,
enum lsa_SidType *type);
NTSTATUS (*rids_to_names)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const struct dom_sid *domain_sid,
uint32_t *rids,
size_t num_rids,
char **domain_name,
char ***names,
enum lsa_SidType **types);
/* lookup all groups that a user is a member of. The backend
can also choose to lookup by username or rid for this
function */
NTSTATUS (*lookup_usergroups)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const struct dom_sid *user_sid,
uint32_t *num_groups, struct dom_sid **user_gids);
/* Lookup all aliases that the sids delivered are member of. This is
* to implement 'domain local groups' correctly */
NTSTATUS (*lookup_useraliases)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
uint32_t num_sids,
const struct dom_sid *sids,
uint32_t *num_aliases,
uint32_t **alias_rids);
/* find all members of the group with the specified group_rid */
NTSTATUS (*lookup_groupmem)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
const struct dom_sid *group_sid,
enum lsa_SidType type,
uint32_t *num_names,
struct dom_sid **sid_mem, char ***names,
uint32_t **name_types);
/* return the lockout policy */
NTSTATUS (*lockout_policy)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
struct samr_DomInfo12 *lockout_policy);
/* return the lockout policy */
NTSTATUS (*password_policy)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
struct samr_DomInfo1 *password_policy);
/* enumerate trusted domains */
NTSTATUS (*trusted_domains)(struct winbindd_domain *domain,
TALLOC_CTX *mem_ctx,
struct netr_DomainTrustList *trusts);
};
/* Filled out by IDMAP backends */
struct winbindd_idmap_methods {
/* Called when backend is first loaded */
bool (*init)(void);
bool (*get_sid_from_uid)(uid_t uid, struct dom_sid *sid);
bool (*get_sid_from_gid)(gid_t gid, struct dom_sid *sid);
bool (*get_uid_from_sid)(struct dom_sid *sid, uid_t *uid);
bool (*get_gid_from_sid)(struct dom_sid *sid, gid_t *gid);
/* Called when backend is unloaded */
bool (*close)(void);
/* Called to dump backend status */
void (*status)(void);
};
/* Data structures for dealing with the trusted domain cache */
struct winbindd_tdc_domain {
const char *domain_name;
const char *dns_name;
struct dom_sid sid;
uint32_t trust_flags;
uint32_t trust_attribs;
uint32_t trust_type;
};
struct WINBINDD_MEMORY_CREDS {
struct WINBINDD_MEMORY_CREDS *next, *prev;
const char *username; /* lookup key. */
uid_t uid;
int ref_count;
size_t len;
uint8_t *nt_hash; /* Base pointer for the following 2 */
uint8_t *lm_hash;
char *pass;
};
struct WINBINDD_CCACHE_ENTRY {
struct WINBINDD_CCACHE_ENTRY *next, *prev;
const char *principal_name;
const char *ccname;
const char *service;
const char *username;
const char *realm;
const char *canon_principal;
const char *canon_realm;
struct WINBINDD_MEMORY_CREDS *cred_ptr;
int ref_count;
uid_t uid;
time_t create_time;
time_t renew_until;
time_t refresh_time;
struct tevent_timer *event;
};
#include "winbindd/winbindd_proto.h"
#define WINBINDD_ESTABLISH_LOOP 30
#define WINBINDD_RESCAN_FREQ lp_winbind_cache_time()
#define WINBINDD_PAM_AUTH_KRB5_RENEW_TIME 2592000 /* one month */
#define DOM_SEQUENCE_NONE ((uint32_t)-1)
#endif /* _WINBINDD_H */
View Git Blame Copy Permalink