s3: Fix a winbind race leading to 100% CPU
[Samba.git] / source3 / include / secrets.h
blob01e635c5803790ae6a46e1b9e60c8ec6fff6b544
1 /*
2 * Unix SMB/CIFS implementation.
3 * secrets.tdb file format info
4 * Copyright (C) Andrew Tridgell 2000
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 3 of the License, or (at your
9 * option) any later version.
11 * This program is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
14 * more details.
16 * You should have received a copy of the GNU General Public License along with
17 * this program; if not, see <http://www.gnu.org/licenses/>.
20 #ifndef _SECRETS_H
21 #define _SECRETS_H
23 /* the first one is for the hashed password (NT4 style) the latter
24 for plaintext (ADS)
26 #define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC"
27 #define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD"
28 #define SECRETS_MACHINE_PASSWORD_PREV "SECRETS/MACHINE_PASSWORD.PREV"
29 #define SECRETS_MACHINE_LAST_CHANGE_TIME "SECRETS/MACHINE_LAST_CHANGE_TIME"
30 #define SECRETS_MACHINE_SEC_CHANNEL_TYPE "SECRETS/MACHINE_SEC_CHANNEL_TYPE"
31 #define SECRETS_MACHINE_TRUST_ACCOUNT_NAME "SECRETS/SECRETS_MACHINE_TRUST_ACCOUNT_NAME"
32 /* this one is for storing trusted domain account password */
33 #define SECRETS_DOMTRUST_ACCT_PASS "SECRETS/$DOMTRUST.ACC"
35 /* Store the principal name used for Kerberos DES key salt under this key name. */
36 #define SECRETS_SALTING_PRINCIPAL "SECRETS/SALTING_PRINCIPAL"
38 /* The domain sid and our sid are stored here even though they aren't
39 really secret. */
40 #define SECRETS_DOMAIN_SID "SECRETS/SID"
41 #define SECRETS_SAM_SID "SAM/SID"
43 /* The domain GUID and server GUID (NOT the same) are also not secret */
44 #define SECRETS_DOMAIN_GUID "SECRETS/DOMGUID"
45 #define SECRETS_SERVER_GUID "SECRETS/GUID"
47 #define SECRETS_LDAP_BIND_PW "SECRETS/LDAP_BIND_PW"
49 #define SECRETS_LOCAL_SCHANNEL_KEY "SECRETS/LOCAL_SCHANNEL_KEY"
51 /* Authenticated user info is stored in secrets.tdb under these keys */
53 #define SECRETS_AUTH_USER "SECRETS/AUTH_USER"
54 #define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN"
55 #define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD"
57 /* structure for storing machine account password
58 (ie. when samba server is member of a domain */
59 struct machine_acct_pass {
60 uint8 hash[16];
61 time_t mod_time;
65 * Format of an OpenAFS keyfile
68 #define SECRETS_AFS_MAXKEYS 8
70 struct afs_key {
71 uint32 kvno;
72 char key[8];
75 struct afs_keyfile {
76 uint32 nkeys;
77 struct afs_key entry[SECRETS_AFS_MAXKEYS];
80 #define SECRETS_AFS_KEYFILE "SECRETS/AFS_KEYFILE"
82 /* The following definitions come from passdb/secrets.c */
84 bool secrets_init(void);
85 struct db_context *secrets_db_ctx(void);
86 void secrets_shutdown(void);
87 void *secrets_fetch(const char *key, size_t *size);
88 bool secrets_store(const char *key, const void *data, size_t size);
89 bool secrets_delete(const char *key);
90 bool secrets_store_domain_sid(const char *domain, const struct dom_sid *sid);
91 bool secrets_fetch_domain_sid(const char *domain, struct dom_sid *sid);
92 bool secrets_store_domain_guid(const char *domain, struct GUID *guid);
93 bool secrets_fetch_domain_guid(const char *domain, struct GUID *guid);
94 void *secrets_get_trust_account_lock(TALLOC_CTX *mem_ctx, const char *domain);
95 enum netr_SchannelType get_default_sec_channel(void);
96 bool secrets_fetch_trust_account_password_legacy(const char *domain,
97 uint8 ret_pwd[16],
98 time_t *pass_last_set_time,
99 enum netr_SchannelType *channel);
100 bool secrets_fetch_trust_account_password(const char *domain, uint8 ret_pwd[16],
101 time_t *pass_last_set_time,
102 enum netr_SchannelType *channel);
103 bool secrets_fetch_trusted_domain_password(const char *domain, char** pwd,
104 struct dom_sid *sid, time_t *pass_last_set_time);
105 bool secrets_store_trusted_domain_password(const char* domain, const char* pwd,
106 const struct dom_sid *sid);
107 bool secrets_delete_machine_password(const char *domain);
108 bool secrets_delete_machine_password_ex(const char *domain);
109 bool secrets_delete_domain_sid(const char *domain);
110 bool secrets_store_machine_password(const char *pass, const char *domain, enum netr_SchannelType sec_channel);
111 char *secrets_fetch_prev_machine_password(const char *domain);
112 char *secrets_fetch_machine_password(const char *domain,
113 time_t *pass_last_set_time,
114 enum netr_SchannelType *channel);
115 bool trusted_domain_password_delete(const char *domain);
116 bool secrets_store_ldap_pw(const char* dn, char* pw);
117 bool fetch_ldap_pw(char **dn, char** pw);
118 struct trustdom_info;
119 NTSTATUS secrets_trusted_domains(TALLOC_CTX *mem_ctx, uint32 *num_domains,
120 struct trustdom_info ***domains);
121 bool secrets_store_afs_keyfile(const char *cell, const struct afs_keyfile *keyfile);
122 bool secrets_fetch_afs_key(const char *cell, struct afs_key *result);
123 void secrets_fetch_ipc_userpass(char **username, char **domain, char **password);
124 bool secrets_store_generic(const char *owner, const char *key, const char *secret);
125 char *secrets_fetch_generic(const char *owner, const char *key);
126 bool secrets_delete_generic(const char *owner, const char *key);
128 #endif /* _SECRETS_H */