2 * Unix SMB/CIFS implementation.
3 * secrets.tdb file format info
4 * Copyright (C) Andrew Tridgell 2000
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 3 of the License, or (at your
9 * option) any later version.
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, see <http://www.gnu.org/licenses/>.
23 /* the first one is for the hashed password (NT4 style) the latter
26 #define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
27 #define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
28 #define SECRETS_MACHINE_PASSWORD_PREV "SECRETS/MACHINE_PASSWORD.PREV"
29 #define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME"
30 #define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE"
31 #define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
32 /* this one is for storing trusted domain account password */
33 #define SECRETS_DOMTRUST_ACCT_PASS "SECRETS/$DOMTRUST.ACC"
35 /* Store the principal name used for Kerberos DES key salt under this key name. */
36 #define SECRETS_SALTING_PRINCIPAL "SECRETS/SALTING_PRINCIPAL"
38 /* The domain sid and our sid are stored here even though they aren't
40 #define SECRETS_DOMAIN_SID "SECRETS/SID"
41 #define SECRETS_SAM_SID "SAM/SID"
42 #define SECRETS_PROTECT_IDS "SECRETS/PROTECT/IDS"
44 /* The domain GUID and server GUID (NOT the same) are also not secret */
45 #define SECRETS_DOMAIN_GUID "SECRETS/DOMGUID"
46 #define SECRETS_SERVER_GUID "SECRETS/GUID"
48 #define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW"
50 #define SECRETS_LOCAL_SCHANNEL_KEY "SECRETS/LOCAL_SCHANNEL_KEY"
52 /* Authenticated user info is stored in secrets.tdb under these keys */
54 #define SECRETS_AUTH_USER "SECRETS/AUTH_USER"
55 #define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN"
56 #define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD"
58 /* structure for storing machine account password
59 (ie. when samba server is member of a domain */
60 struct machine_acct_pass
{
66 * Format of an OpenAFS keyfile
69 #define SECRETS_AFS_MAXKEYS 8
78 struct afs_key entry
[SECRETS_AFS_MAXKEYS
];
81 #define SECRETS_AFS_KEYFILE "SECRETS/AFS_KEYFILE"
83 /* The following definitions come from passdb/secrets.c */
85 bool secrets_init_path(const char *private_dir
, bool use_ntdb
);
86 bool secrets_init(void);
87 struct db_context
*secrets_db_ctx(void);
88 void secrets_shutdown(void);
89 void *secrets_fetch(const char *key
, size_t *size
);
90 bool secrets_store(const char *key
, const void *data
, size_t size
);
91 bool secrets_delete(const char *key
);
93 /* The following definitions come from passdb/machine_account_secrets.c */
94 bool secrets_mark_domain_protected(const char *domain
);
95 bool secrets_clear_domain_protection(const char *domain
);
96 bool secrets_store_domain_sid(const char *domain
, const struct dom_sid
*sid
);
97 bool secrets_fetch_domain_sid(const char *domain
, struct dom_sid
*sid
);
98 bool secrets_store_domain_guid(const char *domain
, struct GUID
*guid
);
99 bool secrets_fetch_domain_guid(const char *domain
, struct GUID
*guid
);
100 void *secrets_get_trust_account_lock(TALLOC_CTX
*mem_ctx
, const char *domain
);
101 enum netr_SchannelType
get_default_sec_channel(void);
102 bool secrets_fetch_trust_account_password_legacy(const char *domain
,
104 time_t *pass_last_set_time
,
105 enum netr_SchannelType
*channel
);
106 bool secrets_fetch_trust_account_password(const char *domain
, uint8_t ret_pwd
[16],
107 time_t *pass_last_set_time
,
108 enum netr_SchannelType
*channel
);
109 bool secrets_fetch_trusted_domain_password(const char *domain
, char** pwd
,
110 struct dom_sid
*sid
, time_t *pass_last_set_time
);
111 bool secrets_store_trusted_domain_password(const char* domain
, const char* pwd
,
112 const struct dom_sid
*sid
);
113 bool secrets_delete_machine_password_ex(const char *domain
);
114 bool secrets_delete_domain_sid(const char *domain
);
115 bool secrets_store_machine_password(const char *pass
, const char *domain
, enum netr_SchannelType sec_channel
);
116 char *secrets_fetch_prev_machine_password(const char *domain
);
117 char *secrets_fetch_machine_password(const char *domain
,
118 time_t *pass_last_set_time
,
119 enum netr_SchannelType
*channel
);
120 bool trusted_domain_password_delete(const char *domain
);
121 bool secrets_store_ldap_pw(const char* dn
, char* pw
);
122 bool fetch_ldap_pw(char **dn
, char** pw
);
123 bool secrets_store_afs_keyfile(const char *cell
, const struct afs_keyfile
*keyfile
);
124 bool secrets_fetch_afs_key(const char *cell
, struct afs_key
*result
);
125 void secrets_fetch_ipc_userpass(char **username
, char **domain
, char **password
);
126 bool secrets_store_generic(const char *owner
, const char *key
, const char *secret
);
127 char *secrets_fetch_generic(const char *owner
, const char *key
);
129 bool secrets_store_machine_pw_sync(const char *pass
, const char *oldpass
, const char *domain
,
131 const char *salting_principal
, uint32_t supported_enc_types
,
132 const struct dom_sid
*domain_sid
, uint32_t last_change_time
,
133 uint32_t secure_channel
,
136 /* The following definitions come from passdb/secrets_lsa.c */
137 NTSTATUS
lsa_secret_get(TALLOC_CTX
*mem_ctx
,
138 const char *secret_name
,
139 DATA_BLOB
*secret_current
,
140 NTTIME
*secret_current_lastchange
,
141 DATA_BLOB
*secret_old
,
142 NTTIME
*secret_old_lastchange
,
143 struct security_descriptor
**sd
);
144 NTSTATUS
lsa_secret_set(const char *secret_name
,
145 DATA_BLOB
*secret_current
,
146 DATA_BLOB
*secret_old
,
147 struct security_descriptor
*sd
);
148 NTSTATUS
lsa_secret_delete(const char *secret_name
);
150 #endif /* _SECRETS_H */