[PATCH] pass "authoritative" result from samlogon through libwbclient
Volker Lendecke
vl at samba.org
Wed Mar 1 12:21:31 UTC 2017
Hi!
No behaviour change intended, will be used later.
Review appreciated!
Thanks, Volker
-------------- next part --------------
>From 2ad7d380c4e7b4515e616e4dfb232e025c3f8b18 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 28 Jan 2017 11:27:21 +0000
Subject: [PATCH 1/8] cli_netlogon: Remove a fallback for authoritative=NULL
The two callers of rpccli_netlogon_network_logon have authoritative
set !=NULL
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_netlogon.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 166f318..0dab9f7 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -472,16 +472,12 @@ NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_context *creds,
struct netr_NetworkInfo *network_info;
uint16_t validation_level = 0;
union netr_Validation *validation = NULL;
- uint8_t _authoritative = 0;
uint32_t _flags = 0;
struct netr_ChallengeResponse lm;
struct netr_ChallengeResponse nt;
*info3 = NULL;
- if (authoritative == NULL) {
- authoritative = &_authoritative;
- }
if (flags == NULL) {
flags = &_flags;
}
--
2.1.4
>From f65193ebab636e886c9f18b30973cd5e3bbd0fad Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 28 Jan 2017 11:31:09 +0000
Subject: [PATCH 2/8] cli_netlogon: Remove a fallback for flags=NULL
The two callers of rpccli_netlogon_network_logon have flags set !=NULL
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_netlogon.c | 5 -----
1 file changed, 5 deletions(-)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 0dab9f7..d166629 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -472,16 +472,11 @@ NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_context *creds,
struct netr_NetworkInfo *network_info;
uint16_t validation_level = 0;
union netr_Validation *validation = NULL;
- uint32_t _flags = 0;
struct netr_ChallengeResponse lm;
struct netr_ChallengeResponse nt;
*info3 = NULL;
- if (flags == NULL) {
- flags = &_flags;
- }
-
ZERO_STRUCT(lm);
ZERO_STRUCT(nt);
--
2.1.4
>From 05ade180004713060e641da610449c1fcf5b9201 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 28 Jan 2017 11:36:11 +0000
Subject: [PATCH 3/8] cli_netlogon: Add return parms to
rpccli_netlogon_password_logon
Just for symmetry with rpccli_netlogon_network_logon()
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/rpc_client/cli_netlogon.c | 8 ++++----
source3/rpc_client/cli_netlogon.h | 2 ++
source3/rpcclient/cmd_netlogon.c | 4 ++++
source3/winbindd/winbindd_pam.c | 2 ++
4 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index d166629..634c78b 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -310,6 +310,8 @@ NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds
const char *password,
const char *workstation,
enum netr_LogonInfoClass logon_type,
+ uint8_t *authoritative,
+ uint32_t *flags,
struct netr_SamInfo3 **info3)
{
TALLOC_CTX *frame = talloc_stackframe();
@@ -317,8 +319,6 @@ NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds
union netr_LogonLevel *logon;
uint16_t validation_level = 0;
union netr_Validation *validation = NULL;
- uint8_t authoritative = 0;
- uint32_t flags = 0;
char *workstation_slash = NULL;
logon = talloc_zero(frame, union netr_LogonLevel);
@@ -426,8 +426,8 @@ NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds
frame,
&validation_level,
&validation,
- &authoritative,
- &flags);
+ authoritative,
+ flags);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
diff --git a/source3/rpc_client/cli_netlogon.h b/source3/rpc_client/cli_netlogon.h
index d63805b..bef0def 100644
--- a/source3/rpc_client/cli_netlogon.h
+++ b/source3/rpc_client/cli_netlogon.h
@@ -65,6 +65,8 @@ NTSTATUS rpccli_netlogon_password_logon(struct netlogon_creds_cli_context *creds
const char *password,
const char *workstation,
enum netr_LogonInfoClass logon_type,
+ uint8_t *authoritative,
+ uint32_t *flags,
struct netr_SamInfo3 **info3);
NTSTATUS rpccli_netlogon_network_logon(struct netlogon_creds_cli_context *creds,
struct dcerpc_binding_handle *binding_handle,
diff --git a/source3/rpcclient/cmd_netlogon.c b/source3/rpcclient/cmd_netlogon.c
index f657172..29d3096 100644
--- a/source3/rpcclient/cmd_netlogon.c
+++ b/source3/rpcclient/cmd_netlogon.c
@@ -779,6 +779,8 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
uint32_t logon_param = 0;
const char *workstation = NULL;
struct netr_SamInfo3 *info3 = NULL;
+ uint8_t authoritative = 0;
+ uint32_t flags = 0;
/* Check arguments */
@@ -816,6 +818,8 @@ static NTSTATUS cmd_netlogon_sam_logon(struct rpc_pipe_client *cli,
password,
workstation,
logon_type,
+ &authoritative,
+ &flags,
&info3);
if (!NT_STATUS_IS_OK(result))
goto done;
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 741a42f..1864d98 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1391,6 +1391,8 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
password,
workstation,
NetlogonInteractiveInformation,
+ &authoritative,
+ &flags,
info3);
} else {
result = rpccli_netlogon_network_logon(domain->conn.netlogon_creds,
--
2.1.4
>From 5db90f12bcba9098c9062ffcc486f8f3ac323fad Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 28 Jan 2017 20:20:59 +0000
Subject: [PATCH 4/8] winbind: Pass up args from winbind_samlogon_retry_loop
In particular "authoritative" is useful at the top level
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_pam.c | 20 ++++++++++++++------
1 file changed, 14 insertions(+), 6 deletions(-)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 1864d98..f4c9c2e 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1319,6 +1319,8 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
DATA_BLOB lm_response,
DATA_BLOB nt_response,
bool interactive,
+ uint8_t *authoritative,
+ uint32_t *flags,
struct netr_SamInfo3 **info3)
{
int attempts = 0;
@@ -1328,8 +1330,6 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
do {
struct rpc_pipe_client *netlogon_pipe;
- uint8_t authoritative = 0;
- uint32_t flags = 0;
ZERO_STRUCTP(info3);
retry = false;
@@ -1391,8 +1391,8 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
password,
workstation,
NetlogonInteractiveInformation,
- &authoritative,
- &flags,
+ authoritative,
+ flags,
info3);
} else {
result = rpccli_netlogon_network_logon(domain->conn.netlogon_creds,
@@ -1405,8 +1405,8 @@ static NTSTATUS winbind_samlogon_retry_loop(struct winbindd_domain *domain,
chal,
lm_response,
nt_response,
- &authoritative,
- &flags,
+ authoritative,
+ flags,
info3);
}
@@ -1492,6 +1492,8 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx,
fstring name_domain, name_user;
NTSTATUS result;
struct netr_SamInfo3 *my_info3 = NULL;
+ uint8_t authoritative = 0;
+ uint32_t flags = 0;
*info3 = NULL;
@@ -1566,6 +1568,8 @@ static NTSTATUS winbindd_dual_pam_auth_samlogon(TALLOC_CTX *mem_ctx,
lm_resp,
nt_resp,
true, /* interactive */
+ &authoritative,
+ &flags,
&my_info3);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -1947,6 +1951,8 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
DATA_BLOB nt_response,
struct netr_SamInfo3 **info3)
{
+ uint8_t authoritative = 0;
+ uint32_t flags = 0;
NTSTATUS result;
if (strequal(name_domain, get_global_sam_name())) {
@@ -1981,6 +1987,8 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
lm_response,
nt_response,
false, /* interactive */
+ &authoritative,
+ &flags,
info3);
if (!NT_STATUS_IS_OK(result)) {
goto done;
--
2.1.4
>From c26fd120bf2b3feee310abf30228cbc13dab9ead Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 28 Jan 2017 20:20:59 +0000
Subject: [PATCH 5/8] winbind: Pass up args from winbind_dual_SamLogon
We'll need to pass "authoritative" back to the winbind client
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_dual_srv.c | 7 ++++++-
source3/winbindd/winbindd_pam.c | 14 ++++++++++----
source3/winbindd/winbindd_proto.h | 2 ++
3 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/source3/winbindd/winbindd_dual_srv.c b/source3/winbindd/winbindd_dual_srv.c
index b0b38a6..a2840bc 100644
--- a/source3/winbindd/winbindd_dual_srv.c
+++ b/source3/winbindd/winbindd_dual_srv.c
@@ -843,6 +843,9 @@ NTSTATUS _winbind_SamLogon(struct pipes_struct *p,
struct winbindd_domain *domain;
NTSTATUS status;
DATA_BLOB lm_response, nt_response;
+ uint8_t authoritative;
+ uint32_t flags;
+
domain = wb_child_domain();
if (domain == NULL) {
return NT_STATUS_REQUEST_NOT_ACCEPTED;
@@ -866,7 +869,9 @@ NTSTATUS _winbind_SamLogon(struct pipes_struct *p,
r->in.logon.network->identity_info.domain_name.string,
r->in.logon.network->identity_info.workstation.string,
r->in.logon.network->challenge,
- lm_response, nt_response, &r->out.validation.sam3);
+ lm_response, nt_response,
+ &authoritative, &flags,
+ &r->out.validation.sam3);
return status;
}
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index f4c9c2e..d955db0 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -1949,10 +1949,10 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
const uint8_t chal[8],
DATA_BLOB lm_response,
DATA_BLOB nt_response,
+ uint8_t *authoritative,
+ uint32_t *flags,
struct netr_SamInfo3 **info3)
{
- uint8_t authoritative = 0;
- uint32_t flags = 0;
NTSTATUS result;
if (strequal(name_domain, get_global_sam_name())) {
@@ -1971,6 +1971,8 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
* We need to try the remote NETLOGON server if this is NOT_IMPLEMENTED
*/
if (!NT_STATUS_EQUAL(result, NT_STATUS_NOT_IMPLEMENTED)) {
+ *authoritative = 1;
+ *flags = 0;
goto process_result;
}
}
@@ -1987,8 +1989,8 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
lm_response,
nt_response,
false, /* interactive */
- &authoritative,
- &flags,
+ authoritative,
+ flags,
info3);
if (!NT_STATUS_IS_OK(result)) {
goto done;
@@ -2052,6 +2054,8 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
const char *name_user = NULL;
const char *name_domain = NULL;
const char *workstation;
+ uint8_t authoritative;
+ uint32_t flags;
DATA_BLOB lm_resp, nt_resp;
@@ -2104,6 +2108,8 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
state->request->data.auth_crap.chal,
lm_resp,
nt_resp,
+ &authoritative,
+ &flags,
&info3);
if (!NT_STATUS_IS_OK(result)) {
goto done;
diff --git a/source3/winbindd/winbindd_proto.h b/source3/winbindd/winbindd_proto.h
index d7dec3a..5bbd60b 100644
--- a/source3/winbindd/winbindd_proto.h
+++ b/source3/winbindd/winbindd_proto.h
@@ -442,6 +442,8 @@ NTSTATUS winbind_dual_SamLogon(struct winbindd_domain *domain,
const uint8_t chal[8],
DATA_BLOB lm_response,
DATA_BLOB nt_response,
+ uint8_t *authoritative,
+ uint32_t *flags,
struct netr_SamInfo3 **info3);
/* The following definitions come from winbindd/winbindd_util.c */
--
2.1.4
>From 56294f00436296e89b6a504bb13b379cf3a6ec85 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 29 Jan 2017 16:46:12 +0000
Subject: [PATCH 6/8] winbind: Add "authoritative" to winbindd_response
This is a relevant piece of info in the samlogon response,
smbd and netlogond need to be able to react to it.
Signed-off-by: Volker Lendecke <vl at samba.org>
---
nsswitch/winbind_struct_protocol.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/nsswitch/winbind_struct_protocol.h b/nsswitch/winbind_struct_protocol.h
index 84829d2..ccc9ef2 100644
--- a/nsswitch/winbind_struct_protocol.h
+++ b/nsswitch/winbind_struct_protocol.h
@@ -58,8 +58,9 @@ typedef char fstring[FSTRING_LEN];
* removed WINBINDD_SID_TO_GID
* removed WINBINDD_GID_TO_SID
* removed WINBINDD_UID_TO_SID
+ * 29: added "authoritative" to response.data.auth
*/
-#define WINBIND_INTERFACE_VERSION 28
+#define WINBIND_INTERFACE_VERSION 29
/* Have to deal with time_t being 4 or 8 bytes due to structure alignment.
On a 64bit Linux box, we have to support a constant structure size
@@ -432,6 +433,7 @@ struct winbindd_response {
char first_8_lm_hash[8];
fstring krb5ccname;
uint32_t reject_reason;
+ uint8_t authoritative;
uint32_t padding;
struct policy_settings {
uint32_t min_length_password;
--
2.1.4
>From c15d6617e08580ec363cde1f92596fb4cb4638d3 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sat, 11 Feb 2017 10:04:29 +0100
Subject: [PATCH 7/8] winbind: Set "authoritative" in response to auth_crap
Signed-off-by: Volker Lendecke <vl at samba.org>
---
source3/winbindd/winbindd_pam.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index d955db0..3d62522 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -2112,6 +2112,7 @@ enum winbindd_result winbindd_dual_pam_auth_crap(struct winbindd_domain *domain,
&flags,
&info3);
if (!NT_STATUS_IS_OK(result)) {
+ state->response->data.auth.authoritative = authoritative;
goto done;
}
--
2.1.4
>From 8522abfcb6badd7d22d3a84639e933a63ebd5896 Mon Sep 17 00:00:00 2001
From: Volker Lendecke <vl at samba.org>
Date: Sun, 29 Jan 2017 16:51:53 +0000
Subject: [PATCH 8/8] libwbclient: Add "authoritative" to wbcAuthErrorInfo
smbd needs to react to "authoritative"
Signed-off-by: Volker Lendecke <vl at samba.org>
---
nsswitch/libwbclient/ABI/wbclient-0.14.sigs | 132 ++++++++++++++++++++++++++++
nsswitch/libwbclient/wbc_pam.c | 1 +
nsswitch/libwbclient/wbclient.h | 4 +-
nsswitch/libwbclient/wscript | 2 +-
4 files changed, 137 insertions(+), 2 deletions(-)
create mode 100644 nsswitch/libwbclient/ABI/wbclient-0.14.sigs
diff --git a/nsswitch/libwbclient/ABI/wbclient-0.14.sigs b/nsswitch/libwbclient/ABI/wbclient-0.14.sigs
new file mode 100644
index 0000000..b07a6a8
--- /dev/null
+++ b/nsswitch/libwbclient/ABI/wbclient-0.14.sigs
@@ -0,0 +1,132 @@
+wbcAddNamedBlob: wbcErr (size_t *, struct wbcNamedBlob **, const char *, uint32_t, uint8_t *, size_t)
+wbcAllocateGid: wbcErr (gid_t *)
+wbcAllocateMemory: void *(size_t, size_t, void (*)(void *))
+wbcAllocateStringArray: const char **(int)
+wbcAllocateUid: wbcErr (uid_t *)
+wbcAuthenticateUser: wbcErr (const char *, const char *)
+wbcAuthenticateUserEx: wbcErr (const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcChangeTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcChangeUserPassword: wbcErr (const char *, const char *, const char *)
+wbcChangeUserPasswordEx: wbcErr (const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCheckTrustCredentials: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcCredentialCache: wbcErr (struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCredentialSave: wbcErr (const char *, const char *)
+wbcCtxAllocateGid: wbcErr (struct wbcContext *, gid_t *)
+wbcCtxAllocateUid: wbcErr (struct wbcContext *, uid_t *)
+wbcCtxAuthenticateUser: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxAuthenticateUserEx: wbcErr (struct wbcContext *, const struct wbcAuthUserParams *, struct wbcAuthUserInfo **, struct wbcAuthErrorInfo **)
+wbcCtxChangeTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxChangeUserPassword: wbcErr (struct wbcContext *, const char *, const char *, const char *)
+wbcCtxChangeUserPasswordEx: wbcErr (struct wbcContext *, const struct wbcChangePasswordParams *, struct wbcAuthErrorInfo **, enum wbcPasswordChangeRejectReason *, struct wbcUserPasswordPolicyInfo **)
+wbcCtxCheckTrustCredentials: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxCreate: struct wbcContext *(void)
+wbcCtxCredentialCache: wbcErr (struct wbcContext *, struct wbcCredentialCacheParams *, struct wbcCredentialCacheInfo **, struct wbcAuthErrorInfo **)
+wbcCtxCredentialSave: wbcErr (struct wbcContext *, const char *, const char *)
+wbcCtxDcInfo: wbcErr (struct wbcContext *, const char *, size_t *, const char ***, const char ***)
+wbcCtxDomainInfo: wbcErr (struct wbcContext *, const char *, struct wbcDomainInfo **)
+wbcCtxEndgrent: wbcErr (struct wbcContext *)
+wbcCtxEndpwent: wbcErr (struct wbcContext *)
+wbcCtxFree: void (struct wbcContext *)
+wbcCtxGetDisplayName: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxGetGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, gid_t **)
+wbcCtxGetSidAliases: wbcErr (struct wbcContext *, const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcCtxGetgrent: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrgid: wbcErr (struct wbcContext *, gid_t, struct group **)
+wbcCtxGetgrlist: wbcErr (struct wbcContext *, struct group **)
+wbcCtxGetgrnam: wbcErr (struct wbcContext *, const char *, struct group **)
+wbcCtxGetpwent: wbcErr (struct wbcContext *, struct passwd **)
+wbcCtxGetpwnam: wbcErr (struct wbcContext *, const char *, struct passwd **)
+wbcCtxGetpwsid: wbcErr (struct wbcContext *, struct wbcDomainSid *, struct passwd **)
+wbcCtxGetpwuid: wbcErr (struct wbcContext *, uid_t, struct passwd **)
+wbcCtxGidToSid: wbcErr (struct wbcContext *, gid_t, struct wbcDomainSid *)
+wbcCtxInterfaceDetails: wbcErr (struct wbcContext *, struct wbcInterfaceDetails **)
+wbcCtxListGroups: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxListTrusts: wbcErr (struct wbcContext *, struct wbcDomainInfo **, size_t *)
+wbcCtxListUsers: wbcErr (struct wbcContext *, const char *, uint32_t *, const char ***)
+wbcCtxLogoffUser: wbcErr (struct wbcContext *, const char *, uid_t, const char *)
+wbcCtxLogoffUserEx: wbcErr (struct wbcContext *, const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcCtxLogonUser: wbcErr (struct wbcContext *, const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcCtxLookupDomainController: wbcErr (struct wbcContext *, const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcCtxLookupDomainControllerEx: wbcErr (struct wbcContext *, const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcCtxLookupName: wbcErr (struct wbcContext *, const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcCtxLookupRids: wbcErr (struct wbcContext *, struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcCtxLookupSid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcCtxLookupSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcCtxLookupUserSids: wbcErr (struct wbcContext *, const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcCtxPing: wbcErr (struct wbcContext *)
+wbcCtxPingDc: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **)
+wbcCtxPingDc2: wbcErr (struct wbcContext *, const char *, struct wbcAuthErrorInfo **, char **)
+wbcCtxResolveWinsByIP: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxResolveWinsByName: wbcErr (struct wbcContext *, const char *, char **)
+wbcCtxSetgrent: wbcErr (struct wbcContext *)
+wbcCtxSetpwent: wbcErr (struct wbcContext *)
+wbcCtxSidToGid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, gid_t *)
+wbcCtxSidToUid: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uid_t *)
+wbcCtxSidsToUnixIds: wbcErr (struct wbcContext *, const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcCtxUidToSid: wbcErr (struct wbcContext *, uid_t, struct wbcDomainSid *)
+wbcCtxUnixIdsToSids: wbcErr (struct wbcContext *, const struct wbcUnixId *, uint32_t, struct wbcDomainSid *)
+wbcDcInfo: wbcErr (const char *, size_t *, const char ***, const char ***)
+wbcDomainInfo: wbcErr (const char *, struct wbcDomainInfo **)
+wbcEndgrent: wbcErr (void)
+wbcEndpwent: wbcErr (void)
+wbcErrorString: const char *(wbcErr)
+wbcFreeMemory: void (void *)
+wbcGetDisplayName: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcGetGlobalCtx: struct wbcContext *(void)
+wbcGetGroups: wbcErr (const char *, uint32_t *, gid_t **)
+wbcGetSidAliases: wbcErr (const struct wbcDomainSid *, struct wbcDomainSid *, uint32_t, uint32_t **, uint32_t *)
+wbcGetgrent: wbcErr (struct group **)
+wbcGetgrgid: wbcErr (gid_t, struct group **)
+wbcGetgrlist: wbcErr (struct group **)
+wbcGetgrnam: wbcErr (const char *, struct group **)
+wbcGetpwent: wbcErr (struct passwd **)
+wbcGetpwnam: wbcErr (const char *, struct passwd **)
+wbcGetpwsid: wbcErr (struct wbcDomainSid *, struct passwd **)
+wbcGetpwuid: wbcErr (uid_t, struct passwd **)
+wbcGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcGuidToString: wbcErr (const struct wbcGuid *, char **)
+wbcInterfaceDetails: wbcErr (struct wbcInterfaceDetails **)
+wbcLibraryDetails: wbcErr (struct wbcLibraryDetails **)
+wbcListGroups: wbcErr (const char *, uint32_t *, const char ***)
+wbcListTrusts: wbcErr (struct wbcDomainInfo **, size_t *)
+wbcListUsers: wbcErr (const char *, uint32_t *, const char ***)
+wbcLogoffUser: wbcErr (const char *, uid_t, const char *)
+wbcLogoffUserEx: wbcErr (const struct wbcLogoffUserParams *, struct wbcAuthErrorInfo **)
+wbcLogonUser: wbcErr (const struct wbcLogonUserParams *, struct wbcLogonUserInfo **, struct wbcAuthErrorInfo **, struct wbcUserPasswordPolicyInfo **)
+wbcLookupDomainController: wbcErr (const char *, uint32_t, struct wbcDomainControllerInfo **)
+wbcLookupDomainControllerEx: wbcErr (const char *, struct wbcGuid *, const char *, uint32_t, struct wbcDomainControllerInfoEx **)
+wbcLookupName: wbcErr (const char *, const char *, struct wbcDomainSid *, enum wbcSidType *)
+wbcLookupRids: wbcErr (struct wbcDomainSid *, int, uint32_t *, const char **, const char ***, enum wbcSidType **)
+wbcLookupSid: wbcErr (const struct wbcDomainSid *, char **, char **, enum wbcSidType *)
+wbcLookupSids: wbcErr (const struct wbcDomainSid *, int, struct wbcDomainInfo **, int *, struct wbcTranslatedName **)
+wbcLookupUserSids: wbcErr (const struct wbcDomainSid *, bool, uint32_t *, struct wbcDomainSid **)
+wbcPing: wbcErr (void)
+wbcPingDc: wbcErr (const char *, struct wbcAuthErrorInfo **)
+wbcPingDc2: wbcErr (const char *, struct wbcAuthErrorInfo **, char **)
+wbcQueryGidToSid: wbcErr (gid_t, struct wbcDomainSid *)
+wbcQuerySidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcQuerySidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcQueryUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcRemoveGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcRemoveUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcRequestResponse: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcRequestResponsePriv: wbcErr (struct wbcContext *, int, struct winbindd_request *, struct winbindd_response *)
+wbcResolveWinsByIP: wbcErr (const char *, char **)
+wbcResolveWinsByName: wbcErr (const char *, char **)
+wbcSetGidHwm: wbcErr (gid_t)
+wbcSetGidMapping: wbcErr (gid_t, const struct wbcDomainSid *)
+wbcSetUidHwm: wbcErr (uid_t)
+wbcSetUidMapping: wbcErr (uid_t, const struct wbcDomainSid *)
+wbcSetgrent: wbcErr (void)
+wbcSetpwent: wbcErr (void)
+wbcSidToGid: wbcErr (const struct wbcDomainSid *, gid_t *)
+wbcSidToString: wbcErr (const struct wbcDomainSid *, char **)
+wbcSidToStringBuf: int (const struct wbcDomainSid *, char *, int)
+wbcSidToUid: wbcErr (const struct wbcDomainSid *, uid_t *)
+wbcSidTypeString: const char *(enum wbcSidType)
+wbcSidsToUnixIds: wbcErr (const struct wbcDomainSid *, uint32_t, struct wbcUnixId *)
+wbcStrDup: char *(const char *)
+wbcStringToGuid: wbcErr (const char *, struct wbcGuid *)
+wbcStringToSid: wbcErr (const char *, struct wbcDomainSid *)
+wbcUidToSid: wbcErr (uid_t, struct wbcDomainSid *)
+wbcUnixIdsToSids: wbcErr (const struct wbcUnixId *, uint32_t, struct wbcDomainSid *)
diff --git a/nsswitch/libwbclient/wbc_pam.c b/nsswitch/libwbclient/wbc_pam.c
index 0d1b90c..cb2d5a0 100644
--- a/nsswitch/libwbclient/wbc_pam.c
+++ b/nsswitch/libwbclient/wbc_pam.c
@@ -259,6 +259,7 @@ static wbcErr wbc_create_error_info(const struct winbindd_response *resp,
e->nt_status = resp->data.auth.nt_status;
e->pam_error = resp->data.auth.pam_error;
+ e->authoritative = resp->data.auth.authoritative;
e->nt_string = strdup(resp->data.auth.nt_status_string);
BAIL_ON_PTR_ERROR(e->nt_string, wbc_status);
diff --git a/nsswitch/libwbclient/wbclient.h b/nsswitch/libwbclient/wbclient.h
index 8c1803b..77915b9 100644
--- a/nsswitch/libwbclient/wbclient.h
+++ b/nsswitch/libwbclient/wbclient.h
@@ -74,9 +74,10 @@ const char *wbcErrorString(wbcErr error);
* 0.11: Extended wbcAuthenticateUserEx to provide PAC parsing
* 0.12: Added wbcCtxCreate and friends
* 0.13: Added wbcCtxUnixIdsToSids and wbcUnixIdsToSids
+ * 0.14: Added "authoritative" to wbcAuthErrorInfo
**/
#define WBCLIENT_MAJOR_VERSION 0
-#define WBCLIENT_MINOR_VERSION 13
+#define WBCLIENT_MINOR_VERSION 14
#define WBCLIENT_VENDOR_VERSION "Samba libwbclient"
struct wbcLibraryDetails {
uint16_t major_version;
@@ -419,6 +420,7 @@ struct wbcAuthErrorInfo {
char *nt_string;
int32_t pam_error;
char *display_string;
+ uint8_t authoritative;
};
/**
diff --git a/nsswitch/libwbclient/wscript b/nsswitch/libwbclient/wscript
index 5c5002a..c5390b9 100644
--- a/nsswitch/libwbclient/wscript
+++ b/nsswitch/libwbclient/wscript
@@ -3,7 +3,7 @@
import Options, Logs
# Remember to also update wbclient.h
-VERSION="0.13"
+VERSION="0.14"
# It may be useful at some point to allow Samba to build against a
# system libwbclient, such as the one provided by Likewise. To to
--
2.1.4
More information about the samba-technical
mailing list