Context Navigation

source: vendor/3.6.23/source3/include/passdb.h

Visit:

Last change on this file was 740, checked in by Silvan Scherrer, 13 years ago
Samba Server: update vendor to 3.6.0
File size: 16.1 KB

Line
1	/*
2	Unix SMB/CIFS implementation.
3	passdb structures and parameters
4	Copyright (C) Gerald Carter 2001
5	Copyright (C) Luke Kenneth Casson Leighton 1998 - 2000
6	Copyright (C) Andrew Bartlett 2002
7	Copyright (C) Simo Sorce 2003
8
9	This program is free software; you can redistribute it and/or modify
10	it under the terms of the GNU General Public License as published by
11	the Free Software Foundation; either version 3 of the License, or
12	(at your option) any later version.
13
14	This program is distributed in the hope that it will be useful,
15	but WITHOUT ANY WARRANTY; without even the implied warranty of
16	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	GNU General Public License for more details.
18
19	You should have received a copy of the GNU General Public License
20	along with this program. If not, see <http://www.gnu.org/licenses/>.
21	*/
22
23	#ifndef _PASSDB_H
24	#define _PASSDB_H
25
26	#include "../librpc/gen_ndr/lsa.h"
27
28	#include "mapping.h"
29
30	/**********************************************************************
31	* Masks for mappings between unix uid and gid types and
32	* NT RIDS.
33	**********************************************************************/
34
35	/* Take the bottom bit. */
36	#define RID_TYPE_MASK 1
37	#define RID_MULTIPLIER 2
38
39	/* The two common types. */
40	#define USER_RID_TYPE 0
41	#define GROUP_RID_TYPE 1
42
43	/*
44	* Flags for local user manipulation.
45	*/
46
47	#define LOCAL_ADD_USER 0x1
48	#define LOCAL_DELETE_USER 0x2
49	#define LOCAL_DISABLE_USER 0x4
50	#define LOCAL_ENABLE_USER 0x8
51	#define LOCAL_TRUST_ACCOUNT 0x10
52	#define LOCAL_SET_NO_PASSWORD 0x20
53	#define LOCAL_SET_PASSWORD 0x40
54	#define LOCAL_SET_LDAP_ADMIN_PW 0x80
55	#define LOCAL_INTERDOM_ACCOUNT 0x100
56	#define LOCAL_AM_ROOT 0x200 /* Act as root */
57
58	/*
59	* Size of new password account encoding string. This is enough space to
60	* hold 11 ACB characters, plus the surrounding [] and a terminating null.
61	* Do not change unless you are adding new ACB bits!
62	*/
63
64	#define NEW_PW_FORMAT_SPACE_PADDED_LEN 14
65
66	/* Password history contants. */
67	#define PW_HISTORY_SALT_LEN 16
68	#define SALTED_MD5_HASH_LEN 16
69	#define PW_HISTORY_ENTRY_LEN (PW_HISTORY_SALT_LEN+SALTED_MD5_HASH_LEN)
70	#define MAX_PW_HISTORY_LEN 24
71
72	/*
73	* bit flags representing initialized fields in struct samu
74	*/
75	enum pdb_elements {
76	PDB_UNINIT,
77	PDB_SMBHOME,
78	PDB_PROFILE,
79	PDB_DRIVE,
80	PDB_LOGONSCRIPT,
81	PDB_LOGONTIME,
82	PDB_LOGOFFTIME,
83	PDB_KICKOFFTIME,
84	PDB_BAD_PASSWORD_TIME,
85	PDB_CANCHANGETIME,
86	PDB_MUSTCHANGETIME,
87	PDB_PLAINTEXT_PW,
88	PDB_USERNAME,
89	PDB_FULLNAME,
90	PDB_DOMAIN,
91	PDB_NTUSERNAME,
92	PDB_HOURSLEN,
93	PDB_LOGONDIVS,
94	PDB_USERSID,
95	PDB_GROUPSID,
96	PDB_ACCTCTRL,
97	PDB_PASSLASTSET,
98	PDB_ACCTDESC,
99	PDB_WORKSTATIONS,
100	PDB_COMMENT,
101	PDB_MUNGEDDIAL,
102	PDB_HOURS,
103	PDB_FIELDS_PRESENT,
104	PDB_BAD_PASSWORD_COUNT,
105	PDB_LOGON_COUNT,
106	PDB_COUNTRY_CODE,
107	PDB_CODE_PAGE,
108	PDB_UNKNOWN6,
109	PDB_LMPASSWD,
110	PDB_NTPASSWD,
111	PDB_PWHISTORY,
112	PDB_BACKEND_PRIVATE_DATA,
113
114	/* this must be the last element */
115	PDB_COUNT
116	};
117
118	enum pdb_group_elements {
119	PDB_GROUP_NAME,
120	PDB_GROUP_SID,
121	PDB_GROUP_SID_NAME_USE,
122	PDB_GROUP_MEMBERS,
123
124	/* this must be the last element */
125	PDB_GROUP_COUNT
126	};
127
128
129	enum pdb_value_state {
130	PDB_DEFAULT=0,
131	PDB_SET,
132	PDB_CHANGED
133	};
134
135	#define IS_SAM_SET(x, flag) (pdb_get_init_flags(x, flag) == PDB_SET)
136	#define IS_SAM_CHANGED(x, flag) (pdb_get_init_flags(x, flag) == PDB_CHANGED)
137	#define IS_SAM_DEFAULT(x, flag) (pdb_get_init_flags(x, flag) == PDB_DEFAULT)
138
139	/* cache for bad password lockout data, to be used on replicated SAMs */
140	struct login_cache {
141	time_t entry_timestamp;
142	uint32_t acct_ctrl;
143	uint16_t bad_password_count;
144	time_t bad_password_time;
145	};
146
147	#define SAMU_BUFFER_V0 0
148	#define SAMU_BUFFER_V1 1
149	#define SAMU_BUFFER_V2 2
150	#define SAMU_BUFFER_V3 3
151	/* nothing changed from V3 to V4 */
152	#define SAMU_BUFFER_V4 4
153	#define SAMU_BUFFER_LATEST SAMU_BUFFER_V4
154
155	#define MAX_HOURS_LEN 32
156
157	struct samu {
158	struct pdb_methods *methods;
159
160	/* initialization flags */
161	struct bitmap *change_flags;
162	struct bitmap *set_flags;
163
164	time_t logon_time; /* logon time */
165	time_t logoff_time; /* logoff time */
166	time_t kickoff_time; /* kickoff time */
167	time_t bad_password_time; /* last bad password entered */
168	time_t pass_last_set_time; /* password last set time */
169	time_t pass_can_change_time; /* password can change time */
170	time_t pass_must_change_time; /* password must change time */
171
172	const char username; / UNIX username string */
173	const char domain; / Windows Domain name */
174	const char nt_username; / Windows username string */
175	const char full_name; / user's full name string */
176	const char home_dir; / home directory string */
177	const char dir_drive; / home directory drive string */
178	const char logon_script; / logon script string */
179	const char profile_path; / profile path string */
180	const char acct_desc; / user description string */
181	const char workstations; / login from workstations string */
182	const char *comment;
183	const char munged_dial; / munged path name and dial-back tel number */
184
185	struct dom_sid user_sid;
186	struct dom_sid *group_sid;
187
188	DATA_BLOB lm_pw; /* .data is Null if no password */
189	DATA_BLOB nt_pw; /* .data is Null if no password */
190	DATA_BLOB nt_pw_his; /* nt hashed password history .data is Null if not available */
191	char* plaintext_pw; /* is Null if not available */
192
193	uint32_t acct_ctrl; /* account info (ACB_xxxx bit-mask) */
194	uint32_t fields_present; /* 0x00ff ffff */
195
196	uint16_t logon_divs; /* 168 - number of hours in a week */
197	uint32_t hours_len; /* normally 21 bytes */
198	uint8_t hours[MAX_HOURS_LEN];
199
200	/* Was unknown_5. */
201	uint16_t bad_password_count;
202	uint16_t logon_count;
203
204	uint16_t country_code;
205	uint16_t code_page;
206
207	uint32_t unknown_6; /* 0x0000 04ec */
208
209	/* a tag for who added the private methods */
210
211	const struct pdb_methods *backend_private_methods;
212	void *backend_private_data;
213	void (backend_private_data_free_fn)(void *);
214
215	/* maintain a copy of the user's struct passwd */
216
217	struct passwd *unix_pw;
218	};
219
220	struct acct_info {
221	fstring acct_name; /* account name */
222	fstring acct_desc; /* account name */
223	uint32_t rid; /* domain-relative RID */
224	};
225
226	struct samr_displayentry {
227	uint32_t idx;
228	uint32_t rid;
229	uint32_t acct_flags;
230	const char *account_name;
231	const char *fullname;
232	const char *description;
233	};
234
235	enum pdb_search_type {
236	PDB_USER_SEARCH,
237	PDB_GROUP_SEARCH,
238	PDB_ALIAS_SEARCH
239	};
240
241	struct pdb_search {
242	enum pdb_search_type type;
243	struct samr_displayentry *cache;
244	uint32_t num_entries;
245	ssize_t cache_size;
246	bool search_ended;
247	void *private_data;
248	bool (next_entry)(struct pdb_search search,
249	struct samr_displayentry *entry);
250	void (search_end)(struct pdb_search search);
251	};
252
253	struct pdb_domain_info {
254	char *name;
255	char *dns_domain;
256	char *dns_forest;
257	struct dom_sid sid;
258	struct GUID guid;
259	};
260
261	struct pdb_trusted_domain {
262	char *domain_name;
263	char *netbios_name;
264	struct dom_sid security_identifier;
265	DATA_BLOB trust_auth_incoming;
266	DATA_BLOB trust_auth_outgoing;
267	uint32_t trust_direction;
268	uint32_t trust_type;
269	uint32_t trust_attributes;
270	DATA_BLOB trust_forest_trust_info;
271	};
272
273	/*
274	* trusted domain entry/entries returned by secrets_get_trusted_domains
275	* (used in _lsa_enum_trust_dom call)
276	*/
277	struct trustdom_info {
278	char *name;
279	struct dom_sid sid;
280	};
281
282	/*
283	* Types of account policy.
284	*/
285	enum pdb_policy_type {
286	PDB_POLICY_MIN_PASSWORD_LEN = 1,
287	PDB_POLICY_PASSWORD_HISTORY = 2,
288	PDB_POLICY_USER_MUST_LOGON_TO_CHG_PASS = 3,
289	PDB_POLICY_MAX_PASSWORD_AGE = 4,
290	PDB_POLICY_MIN_PASSWORD_AGE = 5,
291	PDB_POLICY_LOCK_ACCOUNT_DURATION = 6,
292	PDB_POLICY_RESET_COUNT_TIME = 7,
293	PDB_POLICY_BAD_ATTEMPT_LOCKOUT = 8,
294	PDB_POLICY_TIME_TO_LOGOUT = 9,
295	PDB_POLICY_REFUSE_MACHINE_PW_CHANGE = 10
296	};
297
298	#define PDB_CAP_STORE_RIDS 0x0001
299	#define PDB_CAP_ADS 0x0002
300	#define PDB_CAP_TRUSTED_DOMAINS_EX 0x0004
301
302	/*****************************************************************
303	Functions to be implemented by the new (v2) passdb API
304	****************************************************************/
305
306	/*
307	* This next constant specifies the version number of the PASSDB interface
308	* this SAMBA will load. Increment this if ANY changes are made to the interface.
309	* Changed interface to fix int -> size_t problems. JRA.
310	* There's no point in allocating arrays in
311	* samr_lookup_rids twice. It was done in the srv_samr_nt.c code as well as in
312	* the pdb module. Remove the latter, this might happen more often. VL.
313	* changed to version 14 to move lookup_rids and lookup_names to return
314	* enum lsa_SidType rather than uint32_t.
315	* Changed to 16 for access to the trusted domain passwords (obnox).
316	* Changed to 17, the sampwent interface is gone.
317	* Changed to 18, pdb_rid_algorithm -> pdb_capabilities
318	* Changed to 19, removed uid_to_rid
319	*/
320
321	#define PASSDB_INTERFACE_VERSION 19
322
323	struct pdb_methods
324	{
325	const char name; / What name got this module */
326
327	struct pdb_domain_info (get_domain_info)(struct pdb_methods *,
328	TALLOC_CTX *mem_ctx);
329
330	NTSTATUS (getsampwnam)(struct pdb_methods , struct samu sam_acct, const char username);
331
332	NTSTATUS (getsampwsid)(struct pdb_methods , struct samu sam_acct, const struct dom_sid sid);
333
334	NTSTATUS (create_user)(struct pdb_methods , TALLOC_CTX *tmp_ctx,
335	const char *name, uint32_t acct_flags,
336	uint32_t *rid);
337
338	NTSTATUS (delete_user)(struct pdb_methods , TALLOC_CTX *tmp_ctx,
339	struct samu *sam_acct);
340
341	NTSTATUS (add_sam_account)(struct pdb_methods , struct samu *sampass);
342
343	NTSTATUS (update_sam_account)(struct pdb_methods , struct samu *sampass);
344
345	NTSTATUS (delete_sam_account)(struct pdb_methods , struct samu *username);
346
347	NTSTATUS (rename_sam_account)(struct pdb_methods , struct samu oldname, const char newname);
348
349	NTSTATUS (update_login_attempts)(struct pdb_methods methods, struct samu *sam_acct, bool success);
350
351	NTSTATUS (getgrsid)(struct pdb_methods methods, GROUP_MAP *map, struct dom_sid sid);
352
353	NTSTATUS (getgrgid)(struct pdb_methods methods, GROUP_MAP *map, gid_t gid);
354
355	NTSTATUS (getgrnam)(struct pdb_methods methods, GROUP_MAP map, const char name);
356
357	NTSTATUS (create_dom_group)(struct pdb_methods methods,
358	TALLOC_CTX mem_ctx, const char name,
359	uint32_t *rid);
360
361	NTSTATUS (delete_dom_group)(struct pdb_methods methods,
362	TALLOC_CTX *mem_ctx, uint32_t rid);
363
364	NTSTATUS (add_group_mapping_entry)(struct pdb_methods methods,
365	GROUP_MAP *map);
366
367	NTSTATUS (update_group_mapping_entry)(struct pdb_methods methods,
368	GROUP_MAP *map);
369
370	NTSTATUS (delete_group_mapping_entry)(struct pdb_methods methods,
371	struct dom_sid sid);
372
373	NTSTATUS (enum_group_mapping)(struct pdb_methods methods,
374	const struct dom_sid *sid, enum lsa_SidType sid_name_use,
375	GROUP_MAP *pp_rmap, size_t p_num_entries,
376	bool unix_only);
377
378	NTSTATUS (enum_group_members)(struct pdb_methods methods,
379	TALLOC_CTX *mem_ctx,
380	const struct dom_sid *group,
381	uint32_t **pp_member_rids,
382	size_t *p_num_members);
383
384	NTSTATUS (enum_group_memberships)(struct pdb_methods methods,
385	TALLOC_CTX *mem_ctx,
386	struct samu *user,
387	struct dom_sid pp_sids, gid_t pp_gids,
388	uint32_t *p_num_groups);
389
390	NTSTATUS (set_unix_primary_group)(struct pdb_methods methods,
391	TALLOC_CTX *mem_ctx,
392	struct samu *user);
393
394	NTSTATUS (add_groupmem)(struct pdb_methods methods,
395	TALLOC_CTX *mem_ctx,
396	uint32_t group_rid, uint32_t member_rid);
397
398	NTSTATUS (del_groupmem)(struct pdb_methods methods,
399	TALLOC_CTX *mem_ctx,
400	uint32_t group_rid, uint32_t member_rid);
401
402	NTSTATUS (create_alias)(struct pdb_methods methods,
403	const char name, uint32_t rid);
404
405	NTSTATUS (delete_alias)(struct pdb_methods methods,
406	const struct dom_sid *sid);
407
408	NTSTATUS (get_aliasinfo)(struct pdb_methods methods,
409	const struct dom_sid *sid,
410	struct acct_info *info);
411
412	NTSTATUS (set_aliasinfo)(struct pdb_methods methods,
413	const struct dom_sid *sid,
414	struct acct_info *info);
415
416	NTSTATUS (add_aliasmem)(struct pdb_methods methods,
417	const struct dom_sid alias, const struct dom_sid member);
418	NTSTATUS (del_aliasmem)(struct pdb_methods methods,
419	const struct dom_sid alias, const struct dom_sid member);
420	NTSTATUS (enum_aliasmem)(struct pdb_methods methods,
421	const struct dom_sid alias, TALLOC_CTX mem_ctx,
422	struct dom_sid *members, size_t p_num_members);
423	NTSTATUS (enum_alias_memberships)(struct pdb_methods methods,
424	TALLOC_CTX *mem_ctx,
425	const struct dom_sid *domain_sid,
426	const struct dom_sid *members,
427	size_t num_members,
428	uint32_t **pp_alias_rids,
429	size_t *p_num_alias_rids);
430
431	NTSTATUS (lookup_rids)(struct pdb_methods methods,
432	const struct dom_sid *domain_sid,
433	int num_rids,
434	uint32_t *rids,
435	const char **pp_names,
436	enum lsa_SidType *attrs);
437
438	NTSTATUS (lookup_names)(struct pdb_methods methods,
439	const struct dom_sid *domain_sid,
440	int num_names,
441	const char **pp_names,
442	uint32_t *rids,
443	enum lsa_SidType *attrs);
444
445	NTSTATUS (get_account_policy)(struct pdb_methods methods,
446	enum pdb_policy_type type,
447	uint32_t *value);
448
449	NTSTATUS (set_account_policy)(struct pdb_methods methods,
450	enum pdb_policy_type type,
451	uint32_t value);
452
453	NTSTATUS (get_seq_num)(struct pdb_methods methods, time_t *seq_num);
454
455	bool (search_users)(struct pdb_methods methods,
456	struct pdb_search *search,
457	uint32_t acct_flags);
458	bool (search_groups)(struct pdb_methods methods,
459	struct pdb_search *search);
460	bool (search_aliases)(struct pdb_methods methods,
461	struct pdb_search *search,
462	const struct dom_sid *sid);
463
464	bool (uid_to_sid)(struct pdb_methods methods, uid_t uid,
465	struct dom_sid *sid);
466	bool (gid_to_sid)(struct pdb_methods methods, gid_t gid,
467	struct dom_sid *sid);
468	bool (sid_to_id)(struct pdb_methods methods, const struct dom_sid *sid,
469	union unid_t id, enum lsa_SidType type);
470
471	uint32_t (capabilities)(struct pdb_methods methods);
472	bool (new_rid)(struct pdb_methods methods, uint32_t *rid);
473
474
475	bool (get_trusteddom_pw)(struct pdb_methods methods,
476	const char domain, char* pwd,
477	struct dom_sid sid, time_t pass_last_set_time);
478	bool (set_trusteddom_pw)(struct pdb_methods methods,
479	const char* domain, const char* pwd,
480	const struct dom_sid *sid);
481	bool (del_trusteddom_pw)(struct pdb_methods methods,
482	const char *domain);
483	NTSTATUS (enum_trusteddoms)(struct pdb_methods methods,
484	TALLOC_CTX mem_ctx, uint32_t num_domains,
485	struct trustdom_info ***domains);
486
487
488	NTSTATUS (get_trusted_domain)(struct pdb_methods methods,
489	TALLOC_CTX *mem_ctx,
490	const char *domain,
491	struct pdb_trusted_domain **td);
492	NTSTATUS (get_trusted_domain_by_sid)(struct pdb_methods methods,
493	TALLOC_CTX *mem_ctx,
494	struct dom_sid *sid,
495	struct pdb_trusted_domain **td);
496	NTSTATUS (set_trusted_domain)(struct pdb_methods methods,
497	const char* domain,
498	const struct pdb_trusted_domain *td);
499	NTSTATUS (del_trusted_domain)(struct pdb_methods methods,
500	const char *domain);
501	NTSTATUS (enum_trusted_domains)(struct pdb_methods methods,
502	TALLOC_CTX *mem_ctx,
503	uint32_t *num_domains,
504	struct pdb_trusted_domain ***domains);
505
506	void private_data; / Private data of some kind */
507
508	void (free_private_data)(void *);
509	};
510
511	typedef NTSTATUS (pdb_init_function)(struct pdb_methods , const char );
512
513	struct pdb_init_function_entry {
514	const char *name;
515
516	/* Function to create a member of the pdb_methods list */
517	pdb_init_function init;
518
519	struct pdb_init_function_entry prev, next;
520	};
521
522	#include "passdb/proto.h"
523	#include "passdb/machine_sid.h"
524	#include "passdb/lookup_sid.h"
525
526	#endif /* _PASSDB_H */

Note: See TracBrowser for help on using the repository browser.

Download in other formats: