search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ldb_kv: Use ldb_msg_add_steal_value() in msg_add_distinguished_name()
[Samba.git] / source3 / include / secrets.h
blob24ae5bd06643bd869de6103f03d3e61f07733c93
1 /*
2 * Unix SMB/CIFS implementation.
3 * secrets.tdb file format info
4 * Copyright (C) Andrew Tridgell 2000
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 3 of the License, or (at your
9 * option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
15 *
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, see <http://www.gnu.org/licenses/>.
18 */
19
20 #ifndef _SECRETS_H
21 #define _SECRETS_H
22
23 /* the first one is for the hashed password (NT4 style) the latter
24 for plaintext (ADS)
25 */
26 #define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
27 #define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
28 #define SECRETS_MACHINE_PASSWORD_PREV "SECRETS/MACHINE_PASSWORD.PREV"
29 #define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME"
30 #define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE"
31 #define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
32 #define SECRETS_MACHINE_DOMAIN_INFO "SECRETS/MACHINE_DOMAIN_INFO"
33 /* this one is for storing trusted domain account password */
34 #define SECRETS_DOMTRUST_ACCT_PASS "SECRETS/$DOMTRUST.ACC"
35
36 /* Store the principal name used for Kerberos DES key salt under this key name. */
37 #define SECRETS_SALTING_PRINCIPAL "SECRETS/SALTING_PRINCIPAL"
38
39 /* The domain sid and our sid are stored here even though they aren't
40 really secret. */
41 #define SECRETS_DOMAIN_SID "SECRETS/SID"
42 #define SECRETS_SAM_SID "SAM/SID"
43 #define SECRETS_PROTECT_IDS "SECRETS/PROTECT/IDS"
44
45 /* The domain GUID and server GUID (NOT the same) are also not secret */
46 #define SECRETS_DOMAIN_GUID "SECRETS/DOMGUID"
47 #define SECRETS_SERVER_GUID "SECRETS/GUID"
48
49 #define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW"
50
51 #define SECRETS_LOCAL_SCHANNEL_KEY "SECRETS/LOCAL_SCHANNEL_KEY"
52
53 /* Authenticated user info is stored in secrets.tdb under these keys */
54
55 #define SECRETS_AUTH_USER "SECRETS/AUTH_USER"
56 #define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN"
57 #define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD"
58
59 /* structure for storing machine account password
60 (ie. when samba server is member of a domain */
61 struct machine_acct_pass {
62 uint8_t hash[16];
63 time_t mod_time;
64 };
65
66 /*
67 * Format of an OpenAFS keyfile
68 */
69
70 #define SECRETS_AFS_MAXKEYS 8
71
72 struct afs_key {
73 uint32_t kvno;
74 char key[8];
75 };
76
77 struct afs_keyfile {
78 uint32_t nkeys;
79 struct afs_key entry[SECRETS_AFS_MAXKEYS];
80 };
81
82 #define SECRETS_AFS_KEYFILE "SECRETS/AFS_KEYFILE"
83
84 /* The following definitions come from passdb/secrets.c */
85
86 bool secrets_init_path(const char *private_dir);
87 bool secrets_init(void);
88 struct db_context *secrets_db_ctx(void);
89 void secrets_shutdown(void);
90 void *secrets_fetch(const char *key, size_t *size);
91 bool secrets_store(const char *key, const void *data, size_t size);
92 bool secrets_delete_entry(const char *key);
93 bool secrets_delete(const char *key);
94
95 /* The following definitions come from passdb/machine_account_secrets.c */
96 bool secrets_mark_domain_protected(const char *domain);
97 bool secrets_clear_domain_protection(const char *domain);
98 bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid);
99 bool secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid);
100 bool secrets_store_domain_guid(const char *domain, const struct GUID *guid);
101 bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid);
102 enum netr_SchannelType get_default_sec_channel(void);
103 bool secrets_fetch_trust_account_password_legacy(const char *domain,
104 uint8_t ret_pwd[16],
105 time_t *pass_last_set_time,
106 enum netr_SchannelType *channel);
107 bool secrets_fetch_trust_account_password(const char *domain, uint8_t ret_pwd[16],
108 time_t *pass_last_set_time,
109 enum netr_SchannelType *channel);
110 bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
111 struct dom_sid *sid, time_t *pass_last_set_time);
112 bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
113 const struct dom_sid *sid);
114 struct libnet_JoinCtx;
115 NTSTATUS secrets_store_JoinCtx(const struct libnet_JoinCtx *r);
116 struct secrets_domain_info1;
117 struct secrets_domain_info1_change;
118 void secrets_debug_domain_info(int lvl, const struct secrets_domain_info1 *info,
119 const char *name);
120 char *secrets_domain_info_string(TALLOC_CTX *mem_ctx, const struct secrets_domain_info1 *info1,
121 const char *name, bool include_secrets);
122 NTSTATUS secrets_fetch_or_upgrade_domain_info(const char *domain,
123 TALLOC_CTX *mem_ctx,
124 struct secrets_domain_info1 **pinfo);
125 NTSTATUS secrets_prepare_password_change(const char *domain, const char *dcname,
126 const char *cleartext_unix,
127 TALLOC_CTX *mem_ctx,
128 struct secrets_domain_info1 **pinfo,
129 struct secrets_domain_info1_change **pprev);
130 NTSTATUS secrets_failed_password_change(const char *change_server,
131 NTSTATUS local_status,
132 NTSTATUS remote_status,
133 const struct secrets_domain_info1 *info);
134 NTSTATUS secrets_defer_password_change(const char *change_server,
135 NTSTATUS local_status,
136 NTSTATUS remote_status,
137 const struct secrets_domain_info1 *info);
138 NTSTATUS secrets_finish_password_change(const char *change_server,
139 NTTIME change_time,
140 const struct secrets_domain_info1 *info);
141 bool secrets_delete_machine_password_ex(const char *domain, const char *realm);
142 bool secrets_delete_domain_sid(const char *domain);
143 char *secrets_fetch_prev_machine_password(const char *domain);
144 time_t secrets_fetch_pass_last_set_time(const char *domain);
145 char *secrets_fetch_machine_password(const char *domain,
146 time_t *pass_last_set_time,
147 enum netr_SchannelType *channel);
148 bool trusted_domain_password_delete(const char *domain);
149 bool secrets_store_ldap_pw(const char* dn, char* pw);
150 bool fetch_ldap_pw(char **dn, char** pw);
151 bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile);
152 bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
153 void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
154 bool secrets_store_generic(const char *owner, const char *key, const char *secret);
155 char *secrets_fetch_generic(const char *owner, const char *key);
156
157 bool secrets_store_machine_pw_sync(const char *pass, const char *oldpass, const char *domain,
158 const char *realm,
159 const char *salting_principal, uint32_t supported_enc_types,
160 const struct dom_sid *domain_sid, uint32_t last_change_time,
161 uint32_t secure_channel,
162 bool delete_join);
163
164 char* kerberos_standard_des_salt( void );
165 bool kerberos_secrets_store_des_salt( const char* salt );
166 char *kerberos_secrets_fetch_salt_princ(void);
167
168 /* The following definitions come from passdb/secrets_lsa.c */
169 NTSTATUS lsa_secret_get(TALLOC_CTX *mem_ctx,
170 const char *secret_name,
171 DATA_BLOB *secret_current,
172 NTTIME *secret_current_lastchange,
173 DATA_BLOB *secret_old,
174 NTTIME *secret_old_lastchange,
175 struct security_descriptor **sd);
176 NTSTATUS lsa_secret_set(const char *secret_name,
177 DATA_BLOB *secret_current,
178 DATA_BLOB *secret_old,
179 struct security_descriptor *sd);
180 NTSTATUS lsa_secret_delete(const char *secret_name);
181
182 #endif /* _SECRETS_H */
Samba GIT mirror