source/include/secrets.h

   1 /*
   2  * Unix SMB/CIFS implementation.
   3  * secrets.tdb file format info
   4  * Copyright (C) Andrew Tridgell              2000
   5  *
   6  * This program is free software; you can redistribute it and/or modify it
   7  * under the terms of the GNU General Public License as published by the
   8  * Free Software Foundation; either version 2 of the License, or (at your
   9  * option) any later version.
  10  *
  11  * This program is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
  14  * more details.
  15  *
  16  * You should have received a copy of the GNU General Public License along with
  17  * this program; if not, write to the Free Software Foundation, Inc., 675
  18  * Mass Ave, Cambridge, MA 02139, USA.
  19  */
  20
  21 #ifndef _SECRETS_H
  22 #define _SECRETS_H
  23
  24 /* the first one is for the hashed password (NT4 style) the latter
  25    for plaintext (ADS)
  26 */
  27 #define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
  28 #define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
  29 #define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME"
  30 #define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE"
  31 #define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
  32 /* this one is for storing trusted domain account password */
  33 #define SECRETS_DOMTRUST_ACCT_PASS "SECRETS/$DOMTRUST.ACC"
  34
  35 /* Store the principal name used for Kerberos DES key salt under this key name. */
  36 #define SECRETS_SALTING_PRINCIPAL "SECRETS/SALTING_PRINCIPAL"
  37
  38 /* The domain sid and our sid are stored here even though they aren't
  39    really secret. */
  40 #define SECRETS_DOMAIN_SID    "SECRETS/SID"
  41 #define SECRETS_SAM_SID       "SAM/SID"
  42
  43 /* The domain GUID and server GUID (NOT the same) are also not secret */
  44 #define SECRETS_DOMAIN_GUID   "SECRETS/DOMGUID"
  45 #define SECRETS_SERVER_GUID   "SECRETS/GUID"
  46
  47 #define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW"
  48
  49 /* Authenticated user info is stored in secrets.tdb under these keys */
  50
  51 #define SECRETS_AUTH_USER      "SECRETS/AUTH_USER"
  52 #define SECRETS_AUTH_DOMAIN      "SECRETS/AUTH_DOMAIN"
  53 #define SECRETS_AUTH_PASSWORD  "SECRETS/AUTH_PASSWORD"
  54
  55 /* structure for storing machine account password
  56    (ie. when samba server is member of a domain */
  57 struct machine_acct_pass {
  58         uint8 hash[16];
  59         time_t mod_time;
  60 };
  61
  62 /*
  63  * storage structure for trusted domain
  64  */
  65 typedef struct trusted_dom_pass {
  66         size_t uni_name_len;
  67         smb_ucs2_t uni_name[32]; /* unicode domain name */
  68         size_t pass_len;
  69         fstring pass;           /* trust relationship's password */
  70         time_t mod_time;
  71         DOM_SID domain_sid;     /* remote domain's sid */
  72 } TRUSTED_DOM_PASS;
  73
  74 /*
  75  * trusted domain entry/entries returned by secrets_get_trusted_domains
  76  * (used in _lsa_enum_trust_dom call)
  77  */
  78 typedef struct trustdom {
  79         smb_ucs2_t *name;
  80         DOM_SID sid;
  81 } TRUSTDOM;
  82
  83 /*
  84  * Format of an OpenAFS keyfile
  85  */
  86
  87 #define SECRETS_AFS_MAXKEYS 8
  88
  89 struct afs_key {
  90         uint32 kvno;
  91         char key[8];
  92 };
  93
  94 struct afs_keyfile {
  95         uint32 nkeys;
  96         struct afs_key entry[SECRETS_AFS_MAXKEYS];
  97 };
  98
  99 #define SECRETS_AFS_KEYFILE "SECRETS/AFS_KEYFILE"
 100
 101 #endif /* _SECRETS_H */